Read the original article: Multiple Sanctions Brought Down Against Russian-backed Organizations and Agencies In response to the SolarWinds supply attack, the U.S. government issued sanctions against Russia. In the order, clear attribution was made, stating that teams in the Russian…
Category: Threat Watch – Binary Defense
Rowhammer Attacks Are Back on Stage
Read the original article: Rowhammer Attacks Are Back on Stage Researchers at Sophos have observed a sort of reboot to a classic, mostly theoretical, attack named Rowhammer. This attack involves repeatedly attacking a specific address in memory enough to affect…
Ryuk Adding New Tools to Their Arsenal
Read the original article: Ryuk Adding New Tools to Their Arsenal Advintel has released a report detailing the Tactics, Techniques, and Procedures (TTPs) behind the Ryuk ransomware, including some new observations made by their team throughout 2021 so far. Remote…
HackBoss Cryptocurrency Malware Being Distributed Through Telegram
Read the original article: HackBoss Cryptocurrency Malware Being Distributed Through Telegram According to researchers at Avast Security, a new campaign has been targeting people who are looking for hacking tools on Telegram channels. The HackBoss cryptocurrency malware has been using…
NFT Site Rarible Targeted in Typosquatting Campaign
Read the original article: NFT Site Rarible Targeted in Typosquatting Campaign Non-Fungible Tokens (NFTs) have become extremely popular as of late and have been making people a lot of money. Quite simply, NFTs are digital comps or artwork and other…
Celsius Cryptocurrency Breach
Read the original article: Celsius Cryptocurrency Breach The cryptocurrency rewards program platform Celsius network has disclosed a security breach that led to customer information being exposed. Celsius CEO Alex Mashinsky stated that a third-party marketing server was compromised and that…
IcedID Malware Ramping Up
Read the original article: IcedID Malware Ramping Up Following the takedown of Emotet, a hole was left in the malspam-as-a-service cybercrime ecosystem. IcedID, a well-known banking trojan used by multiple distinct threat groups, now seems primed to fill that hole…
Compromised Exchange Servers Were Used to Host Payloads to Hack Other Exchange Servers
Read the original article: Compromised Exchange Servers Were Used to Host Payloads to Hack Other Exchange Servers While many threat actors attempted to take advantage of the recent ProxyLogon Exchange vulnerabilities to deploy ransomware, some went in another direction. A…
Researcher Discovers Kubernetes Denial of Service Vulnerability
Read the original article: Researcher Discovers Kubernetes Denial of Service Vulnerability CVE-2021-20291 was discovered earlier this month by Aviv Sasson. This effort was part of a security audit surveying multiple Go libraries that Kubernetes relies on to function. This vulnerability…
Operation to Remove Exchange Webshells Announced by Department of Justice
Read the original article: Operation to Remove Exchange Webshells Announced by Department of Justice To mitigate the damage from the rapid exploitation of the ProxyLogon vulnerabilities in Microsoft Exchange servers, the FBI conducted a court-approved operation to remove webshells left…
Microsoft Exchange Server Vulnerabilities, Patch Now
Read the original article: Microsoft Exchange Server Vulnerabilities, Patch Now Microsoft has released a security update for the Exchange Server that addresses four vulnerabilities with severity scores ranging from high to critical. All the security flaws lead to remote code…
Multiple Tasmania Casinos Affected in Ransomware Attack
Read the original article: Multiple Tasmania Casinos Affected in Ransomware Attack Two out of the four casinos that are located on the Australian island of Tasmania have been affected by a ransomware attack. The attack targeted the sole casino operator…
Risk and Compliance Company LogicGate Suffers Data Breach
Read the original article: Risk and Compliance Company LogicGate Suffers Data Breach Some information has finally been released regarding a breach of LogicGate that occurred back in February. Until this week, the company had only disclosed the information to their…
DNS and TCP/IP Stack Vulnerabilities Affect 100 Million Devices
Read the original article: DNS and TCP/IP Stack Vulnerabilities Affect 100 Million Devices In a joint effort between researchers at JSOF and Forescout, a group of vulnerabilities has been disclosed affecting DNS in 100 million devices that are based on…
Ransomware Attack Caused Cheese Shortage at Supermarket Chains in the Netherlands
Read the original article: Ransomware Attack Caused Cheese Shortage at Supermarket Chains in the Netherlands Dutch warehousing and conditioned transport company Bakker Logistiek faced disruptions to operations after systems were encrypted by ransomware last week. As one of the largest…
Microsoft Security Intelligence Identifies Surge of IcedID Campaigns Leading to Cobalt Strike
Read the original article: Microsoft Security Intelligence Identifies Surge of IcedID Campaigns Leading to Cobalt Strike Recently, Microsoft has announced that they identified a cybercrime operation leveraging multiple methods to infect employee workstations with IcedID malware. The methods include a…
Threat Actors Abusing Contact Forms to Infect Employees’ Workstations
Read the original article: Threat Actors Abusing Contact Forms to Infect Employees’ Workstations Researchers at Microsoft have alerted the Google security team to a new attack they have witnessed involving legitimate contact forms from companies and Google URLs. The attackers…
Pierre Fabre Hit With $25 Million Ransomware Attack
Read the original article: Pierre Fabre Hit With $25 Million Ransomware Attack Leading French pharmaceutical group, Pierre Fabre, suffered a REvil ransomware attack where the attackers are demanding a ransom payment in Bitcoin worth approximately $25 million USD. Pierre Fabre…
TriHealth Affected After Columbus Law Firm is Breached
Read the original article: TriHealth Affected After Columbus Law Firm is Breached Cincinnati, Ohio based health system TriHealth announced employee and patient data may have been accessed after a breach occurred at one of their partnering businesses. A law firm…
Annual Pwn2Own Contest Reveals No User Interaction Zoom Remote Code Execution
Read the original article: Annual Pwn2Own Contest Reveals No User Interaction Zoom Remote Code Execution Pwn2Own is an annual contest held by the Zero Day Initiative providing a contest for hackers and researchers around the world a chance to win…
Healthcare Benefits Data Stolen During Belden Breach
Read the original article: Healthcare Benefits Data Stolen During Belden Breach After suffering a breach in November of 2020, Belden has disclosed that employee healthcare benefits and dependents from current and former employees were stolen. The information stolen includes names,…
REvil / Sodinokibi Updates New Safe Mode Functionality
Read the original article: REvil / Sodinokibi Updates New Safe Mode Functionality New versions of the Sodinokibi (also commonly known as REvil) ransomware were found last month with functionality for rebooting an infected workstation into Safe Mode. This was widely…
Android Malware Infiltrated Huawei’s Official App Store
Read the original article: Android Malware Infiltrated Huawei’s Official App Store Recently, analysts from the Russian anti-virus maker Dr.Web found ten Android apps from three developers that were infected with Joker, a type of Android Malware that signs up users…
Threat Actor Sells 38 Million Dollars Worth of Gift Cards
Read the original article: Threat Actor Sells 38 Million Dollars Worth of Gift Cards A Russian hacker has sold $38 million USD worth of gift cards on a forum that included close to 900,000 unique gift cards. The cards were…
Backdoor Attack Allows Threat Actors to Access PHP Repository’s User Database
Read the original article: Backdoor Attack Allows Threat Actors to Access PHP Repository’s User Database At the end of March, the git.php.net server was believed to be compromised when a malicious source code update was pushed, adding a backdoor to…
Attackers are Using Discord and Slack Links to Spread Malware
Read the original article: Attackers are Using Discord and Slack Links to Spread Malware As a result of the increase in remote work due to the pandemic, platforms like Discord and Slack have grown in popularity by keeping individuals more…
Joint Alert by CISA and FBI Warns of Active Exploitation Against FortiOS Devices
Read the original article: Joint Alert by CISA and FBI Warns of Active Exploitation Against FortiOS Devices In a joint alert issued on April 2nd, the FBI and CISA warned that threat actors are actively scanning for Fortinet devices running…
VMWare Issues Fix for Carbon Black Cloud Workload Authentication Bypass
Read the original article: VMWare Issues Fix for Carbon Black Cloud Workload Authentication Bypass On April 1st, 2021, VMWare released an advisory and update to address an authentication bypass vulnerability in Carbon Black Cloud rated 9.1 out of 10 on…
Exposed and Unpatched SAP Applications Are Currently Being Targeted
Read the original article: Exposed and Unpatched SAP Applications Are Currently Being Targeted More than 400,000 organizations around the world currently use SAP’s customer relationship management (CRM), product lifecycle management (PLM) and supply chain management (SCM) applications. SAP and cloud…
IoT Provider Sierra Wireless Hit with Ransomware
Read the original article: IoT Provider Sierra Wireless Hit with Ransomware Less than a month ago on March 20th, 2021, Sierra Wireless suffered a ransomware attack which caused production of their IoT devices to stop. While the customer-facing products themselves…
A Company Paid Millions to Get Their Data Back – Then Fell Victim to the Same Attack Again
Read the original article: A Company Paid Millions to Get Their Data Back – Then Fell Victim to the Same Attack Again An unnamed organization that fell victim to ransomware failed to adequately investigate the root cause of the attack,…
New Maldoc Builder EtterSilent Being Used by Top Threat Actors
Read the original article: New Maldoc Builder EtterSilent Being Used by Top Threat Actors According to researchers at Intel 471, a new malicious document (maldoc) builder called EtterSilent has been heavily advertised on criminal forums since mid-2020. Top malware cybercriminals…
Fake LinkedIn Job Offer Delivers More_eggs Backdoor
Read the original article: Fake LinkedIn Job Offer Delivers More_eggs Backdoor The Threat Response Unit (TRU) at eSentire, a Waterloo, Ontario-based cybersecurity firm, has discovered an ongoing fake jobs spear-phishing scam that is infecting the computer systems of LinkedIn users…
Attackers Utilize GitHub’s CI/CD Actions Features
Read the original article: Attackers Utilize GitHub’s CI/CD Actions Features Recently, attackers have been utilizing the continuous integration/continuous delivery (CI/CD) features on GitHub (GitHub Actions) to merge unauthorized cryptocurrency miners into repositories. The attackers will fork a repository, include the…
Ransomware Attacks on Industrial Control Systems Hit 33.4% in H2 2020
Read the original article: Ransomware Attacks on Industrial Control Systems Hit 33.4% in H2 2020 In a report published by Kaspersky documenting threat activity recorded on devices in the second half of 2020, 33.4% of Industrial Control Systems (ICS) devices…
A Malware Incident is Preventing Emissions Checks in Eight US States
Read the original article: A Malware Incident is Preventing Emissions Checks in Eight US States On March 30th, Applus Technologies detected an unspecified malware incident. While stopping the attack, Applus IT staff had to take systems offline, resulting in emissions…
“A41APT” Campaign Dropping Sophisticated Loader
Read the original article: “A41APT” Campaign Dropping Sophisticated Loader A new campaign dubbed A41APT was recently discovered by SecureList researchers documenting the use of a sophisticated loader module, Ecipekac (also known as SigLoader, HEAVYHAND, or DESLoader). This malware serves up…
Federal Agencies Given Deadline to Look For Compromised Exchange Servers
Read the original article: Federal Agencies Given Deadline to Look For Compromised Exchange Servers Federal agencies have been ordered by the Cybersecurity and Infrastructure Security Agency (CISA) yesterday to look for signs of compromised Exchange servers in their networks. Agencies…
Ubiquiti Breach More Serious Than Previously Announced
Read the original article: Ubiquiti Breach More Serious Than Previously Announced After previously disclosing limited details about what it described in December as a “third-party data breach,” new details that became public this week show that Ubiquiti customer-owned devices have…
Kansas Man Charged For Hacking Water Utility
Read the original article: Kansas Man Charged For Hacking Water Utility Recently, the US Department of Justice has announced an indictment for a Kansas man who is charged with hacking into the computer system of a local water utility and…
Fake COVID-19 Vaccine Card Scam
Read the original article: Fake COVID-19 Vaccine Card Scam US federal agencies have issued a warning against making, selling, or purchasing fake COVID-19 vaccination record cards as this is against the law. Additionally, using fake vaccination record cards could also…
VMware Patches Two Severe Vulnerabilities
Read the original article: VMware Patches Two Severe Vulnerabilities VMware published a security alert on Tuesday, March 30th, outlining two separate severe vulnerabilities within their vRealize Operations, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager software. The vulnerabilities were reported…
Scammers Target Universities in Ongoing IRS Phishing Attacks
Read the original article: Scammers Target Universities in Ongoing IRS Phishing Attacks The Internal Revenue Service (IRS) is warning of ongoing phishing attacks targeting educational institutions. The attackers impersonate the IRS and use tax refund payments as bait while they…
Charming Kitten Targets US and Israeli Healthcare Professionals
Read the original article: Charming Kitten Targets US and Israeli Healthcare Professionals Iranian threat group Charming Kitten set their sights on healthcare professionals in the United States and Israel during the month of December. The targeted people specifically work in…
MalwareBytes Warns of “I Accidentally Reported You” Steam Scam
Read the original article: MalwareBytes Warns of “I Accidentally Reported You” Steam Scam In a report published by Malwarebytes, analysts are warning Steam users about an ongoing scam that starts with messages claiming to have accidentally reported the targeted person’s…
Proof-of-Concept Decryptor Released for Black KingDom Ransomware
Read the original article: Proof-of-Concept Decryptor Released for Black KingDom Ransomware Cybersecurity company Cyberint has released a proof-of-concept (PoC) Python script to decrypt files encrypted by the Black KingDom ransomware. Black KingDom, responsible for infecting thousands of vulnerable Microsoft Exchange…
Docker Hub Host Images Shipping with Cryptominers
Read the original article: Docker Hub Host Images Shipping with Cryptominers Researchers from Palo Alto Network’s Unit 42 research group have discovered 30 images on Docker Hub embedded with Cryptominers. While most of these miners were embedded with XMRig for…
PHP Git Breached – 2 Commits Under Developers’ Names Infected
Read the original article: PHP Git Breached – 2 Commits Under Developers’ Names Infected On Sunday, PHP developers released a blog post announcing the compromise of their Git repository and infected source. In light of this breach, the developers have decided…
Almost 40 German Parliament Email Accounts Accessed After Spear-Phishing Attack
Read the original article: Almost 40 German Parliament Email Accounts Accessed After Spear-Phishing Attack German Parliament members were targeted in an apparent spear-phishing attack recently. Nearly 40 federal and regional Parliament members were affected after their email accounts were accessed.…
Australian TV Network Services Interrupted
Read the original article: Australian TV Network Services Interrupted Reports from the Australian TV network, Nine Network, stated they were the victim of an attack that affected their services, which was similar to a ransomware attack but without a ransom…
Apple Releases Emergency Update
Read the original article: Apple Releases Emergency Update Apple has released an emergency update for their iOS, iPadOS, and watchOS. The patches are numbered iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3. The vulnerability, which was discovered by Google’s Threat…
Ransomware Admin is Refunding Victims Their Ransom Payments
Read the original article: Ransomware Admin is Refunding Victims Their Ransom Payments The Ziggy ransomware administrator announced the end of the operation in early February of this year. Apparently, the threat actor had a guilty conscience and decided to publish…
Data Dump for 7.3 million Dutch Car Owners Offered for Sale on Hacking Forum
Read the original article: Data Dump for 7.3 million Dutch Car Owners Offered for Sale on Hacking Forum RDC, a Dutch company that provides garage and maintenance services to Dutch car owners, recently confirmed a data breach after the personal…
OpenSSL Update Fixes Two High-Severity Vulnerabilities
Read the original article: OpenSSL Update Fixes Two High-Severity Vulnerabilities The OpenSSL project released a new build yesterday that includes fixes for two vulnerabilities. CVE-2021-3449 allows for a denial of service against servers. If a maliciously crafted request to the…
Mamba Ransomware Stores Key in Plaintext
Read the original article: Mamba Ransomware Stores Key in Plaintext In an alert about Mamba ransomware, the FBI disclosed a weakness in the encryption process that could allow victims to decrypt files without paying the ransom, if the victim company…
Cisco Addresses Critical Security Flaws in Jabber Application
Read the original article: Cisco Addresses Critical Security Flaws in Jabber Application Cisco has addressed several critical security issues, one with a severity rating of 9.9/10. The primary flaw concerns Cisco Jabber software, a web conferencing and instant messaging app…
Facebook Blocks Chinese State-Sponsored Threat Actors
Read the original article: Facebook Blocks Chinese State-Sponsored Threat Actors Facebook has taken down numerous accounts they witnessed being used by Chinese state-sponsored threat actors. The accounts were linked to the threat actor known as EarthEmpusa or Evil Eye. The…
FBI Warns Scammers Spoofing FBI Office Phone Numbers in Government Impersonation Fraud
Read the original article: FBI Warns Scammers Spoofing FBI Office Phone Numbers in Government Impersonation Fraud The FBI has seen a recent increase in phone calls that spoof Bureau phone numbers as part of a fraud campaign. Most of this…
Accellion FTA Vulnerability Affects Universities in Colorado and Miami
Read the original article: Accellion FTA Vulnerability Affects Universities in Colorado and Miami The Clop ransomware gang has continued to take advantage of the Accellion FTA vulnerability to extort Accellion’s clients by threatening to leak the data they stole. Thus…
Over 6 Million Israeli Citizens Suffer Data Leak
Read the original article: Over 6 Million Israeli Citizens Suffer Data Leak Recently, attackers calling themselves “The Israeli Autumn” have published archives containing the full names, phone numbers, ID card numbers, home addresses, gender, age, and political preferences for over…
BlackKingdom Ransomware Could Encrypt Files Multiple Times or Brick Systems
Read the original article: BlackKingdom Ransomware Could Encrypt Files Multiple Times or Brick Systems A report released yesterday on the recent BlackKingdom ransomware by Sophos has revealed a detailed look at the ransomware’s inner workings. The report lists several indicators…
Phishing Attacks Leveraging Email Marketing Services to Bypass SEGs
Read the original article: Phishing Attacks Leveraging Email Marketing Services to Bypass SEGs In a Twitter thread, Microsoft provided insight into an ongoing spam campaign that takes advantage of compromised email marketing services such as SendGrid and Amazon SES. Because…
Shell Corporation Affected by Accellion FTA Vulnerability
Read the original article: Shell Corporation Affected by Accellion FTA Vulnerability Another victim has announced they’ve suffered a data breach due to Accellion’s File Transfer Appliance (FTA). The oil and gas giant Shell has made it known that an unauthorized…
MangaDex Manga Site Down After Cyberattack
Read the original article: MangaDex Manga Site Down After Cyberattack MangaDex is one of the largest manga scanlation (scanned translations) sites where visitors can read manga comics for free, with over 76 million visitors per month. After suffering a series…
Android Zero-day Actively Being Exploited
Read the original article: Android Zero-day Actively Being Exploited Tracked as CVE-2020-11261 and getting a CVSS score of 8.4, a now-patched vulnerability affecting Android devices that use the Qualcomm chipsets is being weaponized by attackers, according to Google. Google stated…
FBI Cleveland Division Warns of Financial Scams
Read the original article: FBI Cleveland Division Warns of Financial Scams The Cleveland Division of the FBI is issuing a warning to the greater North East Ohio community as an increase in reporting of financial scams coming in the form…
Critical F5 BIG-IP Vulnerability Actively Being Exploited and New POCs Released
Read the original article: Critical F5 BIG-IP Vulnerability Actively Being Exploited and New POCs Released In a recent report, NCC Group elaborates on the recent discovery of the active exploitation of CVE-2021-22986. This vulnerability allows for unauthenticated, remote code execution…
BlackKingdom “Ransomware” Attacks Vulnerable Exchange Servers
Read the original article: BlackKingdom “Ransomware” Attacks Vulnerable Exchange Servers Originally reported by Bleeping Computer, security researcher Marcus Hutchins recently uncovered a ransomware campaign leveraging the ProxyLogon vulnerabilities in order to spread and infect a wide variety of targets with…
REvil Possibly Infecting Unpatched Exchange Servers, Claims Acer as Victim
Read the original article: REvil Possibly Infecting Unpatched Exchange Servers, Claims Acer as Victim On March 18th, the REvil ransomware group (also referred to as Sodinokibi) posted “proof” through their leak site that they infected Taiwanese computer giant Acer. The…
FBI: Phishing Emails Are Spreading Trickbot Malware
Read the original article: FBI: Phishing Emails Are Spreading Trickbot Malware The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning for a phishing campaign that is attempting to infect PCs with Trickbot. Trickbot, first identified…
CopperStealer Malware Steals Google, Apple, Facebook Accounts
Read the original article: CopperStealer Malware Steals Google, Apple, Facebook Accounts This new malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader feature that enables its operators to deliver additional malicious payloads…
Threat Actors Using Fake App Website to Infect Android Phones With BlackRock Trojan
Read the original article: Threat Actors Using Fake App Website to Infect Android Phones With BlackRock Trojan A new malicious app is being advertised that is pretending to be an Android version of the Clubhouse Application, which is currently only available…
Zoom Screen Share Flaw Can Expose Information
Read the original article: Zoom Screen Share Flaw Can Expose Information A recently discovered bug being tracked as CVE-2021-28133 is affecting Zoom users. The flaw lies within the screen sharing function of the application and was tested on versions 5.4.3…
15-Year-Old Bugs in Linux Kernel Still Vulnerable
Read the original article: 15-Year-Old Bugs in Linux Kernel Still Vulnerable On March 12, 2021, three vulnerabilities in Linux were publicly disclosed revealing kernel issues dating back fifteen years: CVE-2021-27363, CVE-2021-27364, and CVE-2021-27365. While the code is not remotely accessible, it…
15 Year Old Bug(s) in Linux Kernel Still Vulnerable
Read the original article: 15 Year Old Bug(s) in Linux Kernel Still Vulnerable On March 12, 2021, three vulnerabilities, CVE-2021-27363, 27364, and 27365, were publicly disclosed revealing kernel issues dating back fifteen years. While the code is not remotely…
Tutor LMS WordPress Plugin Patches Several SQL Injection Vulnerabilities
Read the original article: Tutor LMS WordPress Plugin Patches Several SQL Injection Vulnerabilities Wordfence, a security company focused on WordPress security, recently made available information on several vulnerabilities they discovered within the Tutor LMS plugin back in December 2020. Tutor…
Finland Attributes Parliament Attack to APT31
Read the original article: Finland Attributes Parliament Attack to APT31 After a long period of case review, along with cooperation from partners abroad, Finnish officials have formally blamed the cyber attacks against their Parliament on the Chinese state-sponsored hacking group…
Researcher Discovers New Embedding Technique to Hide Files in Twitter Images
Read the original article: Researcher Discovers New Embedding Technique to Hide Files in Twitter Images In a tweet, David Buchanan announced he had discovered a way to post a PNG image with up to 3 megabytes of extra data that…
Payment Card Data Leaked from Seized WeLeakInfo Website
Read the original article: Payment Card Data Leaked from Seized WeLeakInfo Website In January 2020, the FBI seized the internet domain WeLeakInfo[.]com. The website served as a breach notification service, similar to HaveIBeenPwned, with one key difference. Unlike HaveIBeenPwned, WeLeakInfo…
Largest Ransomware Demand Now Stands at $30 Million as Crooks Get Bolder
Read the original article: Largest Ransomware Demand Now Stands at $30 Million as Crooks Get Bolder Ransomware attacks continue to surge, and research shows the average ransom paid to criminals by victim organizations has tripled in the last year. Cybersecurity…
PYSA Ransomware Targets Education Sector
Read the original article: PYSA Ransomware Targets Education Sector Reports from the Cyber Division of the FBI warn of an uptick in PYSA ransomware attacks that have been targeting the education sector in recent months. The actors behind the ransomware…
Outdated Android OS Still Being Used On Government Devices
Read the original article: Outdated Android OS Still Being Used On Government Devices Android, the most popular mobile operating system (OS) in the world, runs a large number of devices in the U.S. government, but only 0.08% are running the…
Critical Vulnerabilities in Microsoft DNS
Read the original article: Critical Vulnerabilities in Microsoft DNS On Tuesday March 9, 2021 Microsoft rolled out its monthly update. Included in these fixes were seven security updates involving DNS vulnerabilities and of those seven, five included remote code execution…
Blender Website Partially Restored Following Hacking Attempt
Read the original article: Blender Website Partially Restored Following Hacking Attempt The official Twitter account for blender.org, an open-source 3D graphics and animation software pipeline, announced on Sunday that the website had been brought down for maintenance due to “a hacking attempt.” During…
Microsoft Releases One-Click Mitigation for CVE-2021-26855
Read the original article: Microsoft Releases One-Click Mitigation for CVE-2021-26855 To remediate the recent Exchange server vulnerabilities, Microsoft has released a new mitigation tool to assist organizations in their efforts to help stop the ongoing exploitation against vulnerable Exchange servers.…
Magecart Attackers Hide Credit Card Data in Images
Read the original article: Magecart Attackers Hide Credit Card Data in Images Recently, attackers associated with credit card skimming attacks known collectively as “Magecart” have begun using image steganography to exfil stolen email data, as originally reported by BleepingComputer. Magecart…
Fastway Couriers Reveals Data Breach
Read the original article: Fastway Couriers Reveals Data Breach International parcel courier service Fastway Couriers has revealed that they suffered a data breach that was identified by a third-party IT service provider on February 25th, 2021 and Fastway was notified…
New PoC Puts Microsoft Exchange Bug Attacks in Reach of Anyone
Read the original article: New PoC Puts Microsoft Exchange Bug Attacks in Reach of Anyone A security researcher has released a new proof-of-concept (PoC) that requires only slight modifications to install web shells on Microsoft Exchange servers vulnerable to the…
COVID-19 Testing Service in US Exposes Patients’ Photos, Passports
Read the original article: COVID-19 Testing Service in US Exposes Patients’ Photos, Passports A COVID-19 testing service run by Premier Diagnostics exposed sensitive information of more than 50,000 people by storing data on two unsecured Amazon S3 buckets. The information…
Black Shadow Threat Actors Target Another Israel-based Company
Read the original article: Black Shadow Threat Actors Target Another Israel-based Company The threat actor group that goes by the name Black Shadow has hacked into the Israel-based company L.L.S Capital, a financing company. In an announcement posted to…
DearCry Ransomware Makes its Debut
Read the original article: DearCry Ransomware Makes its Debut In the wake of the ongoing rush to patch the four vulnerabilities affecting Microsoft Exchange servers, a new Ransomware called DearCry has begun to exploit those vulnerabilities. Since Microsoft confirmed its…
CISA Reports That No Federal Civilian Agency Hacked in Exchange Attacks
Read the original article: CISA Reports That No Federal Civilian Agency Hacked in Exchange Attacks In testimony before the Homeland Security Subcommittee, Eric Goldstein, CISA’s executive assistant director for cybersecurity stated, “At this point in time there are no federal…
Brazil’s National Data Protection Authority (ANPD) Announces Strategy, Begins Investigation to Combat Two Large Data Leaks
Read the original article: Brazil’s National Data Protection Authority (ANPD) Announces Strategy, Begins Investigation to Combat Two Large Data Leaks ANPD reports “it is taking all the appropriate measures” to investigate the exposure of over 200 million citizens’ personal information,…
The US Seizes Phishing Domains Impersonating COVID-19 Vaccine Sites
Read the original article: The US Seizes Phishing Domains Impersonating COVID-19 Vaccine Sites The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in the development of a…
Spanish Government Attacked with Ryuk Ransomware
Read the original article: Spanish Government Attacked with Ryuk Ransomware The Spanish government agency for labor has been attacked by Ryuk ransomware and following the attack, more than 700 agency offices throughout Spain have been affected. The agency’s website stated…
FIN8 Bolsters Their BADHATCH Backdoor
Read the original article: FIN8 Bolsters Their BADHATCH Backdoor After apparently lying dormant for some time, the financially motivated cybercrime group FIN8 have made their return. FIN8 threat actors have been observed recently using a new version of the BADHATCH…
Europol ‘Unlocks’ Encrypted Sky ECC Chat Service to Make Arrests
Read the original article: Europol ‘Unlocks’ Encrypted Sky ECC Chat Service to Make Arrests Sky ECC, a secure messaging platform with roughly 170,000 worldwide users from the US, Canada and Europe, was cracked by European Law Enforcement. Europol announced a…
Linux Foundation Announces Open-Source Software Signing to Combat Supply Chain Attacks
Read the original article: Linux Foundation Announces Open-Source Software Signing to Combat Supply Chain Attacks The SolarWinds attackers were able to insert malicious code into Orion software by subverting the build environment, the process by which a program is compiled and…
OVH Datacenter Goes up in Flames
Read the original article: OVH Datacenter Goes up in Flames ZDNet reported that a disastrous fire has done severe damage to some of OVH’s Strasbourg datacenters. Of the damaged datacenters, SBG2 is completely destroyed, while parts of SBG1 are only…
zoMiner Botnet is Targeting Elasticsearch and Jenkins Servers
Read the original article: zoMiner Botnet is Targeting Elasticsearch and Jenkins Servers After being discovered in November 2020, the zoMiner botnet has shifted directions to target vulnerable versions of Elasticsearch and Jenkins servers. According to Qihoo 360’s Network Security Research…