- Sunburst backdoor – code overlaps with Kazuar
January 11, 2021
On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named “Dark Halo”. FireEye did not link this activity to any known actor; instead, ...
- Capitol attack’s cybersecurity fallout: Stolen laptops, lost data and possible espionage
January 11, 2021
When hostile actors penetrated the Capitol Building on January 6, they gained access to individual chambers and offices and remained at large within the Capitol complex for well over two hours. We have reports that items were stolen. One report comes from acting US Attorney for DC, Michael Sherwin, who stated “items, electronic items were stolen ...
- United Nations data breach exposed over 100k UNEP staff records
January 11, 2021
Today, researchers have responsibly disclosed a security vulnerability whose exploitation gave them access to over 100,000 private employee records of the United Nations Environment Programme (UNEP). The data breach stemmed from exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of personally identifiable information (PII) associated with over ...
- Parler social network drops offline after Amazon pulls support
January 11, 2021
Parler has dropped offline after Amazon pulled support for its so-called “free speech” social network. The platform had been reliant on the tech giant’s Amazon Web Services (AWS) cloud computing service to provide its alternative to Twitter. It is popular among supporters of Donald Trump, although the president is not a user. Amazon took the action after finding ...
- UK: Fake NHS text asks for bank details in return for coronavirus vaccine
January 8, 2021
People are being warned about a fake NHS text which is demanding bank details from people waiting for a coronavirus vaccine. Liverpool City Council said in a “scam alert” that the message had been “circulating”, advising people they were eligible for a COVID-19 jab. The National Police Chiefs’ Council (NPCC) also tweeted a warning, reminding those waiting ...
- Malicious Shell Script Steals AWS, Docker Credentials
January 8, 2021
We recently spotted new attacks where, again, threat actors used shell scripts to perform their malicious activities. Based on previous attacks, these malicious scripts were typically used to deploy cryptocurrency miners. But recent cases involving these fresh samples highlighted how the scripts are developed, as they now serve other purposes besides being downloaders for cryptominers. Based ...
- Investigation launched into vulnerabilities found within US Judiciary case file system
January 8, 2021
The United States Judiciary has announced an audit into its systems, following concerns its case file system has been compromised. In making the announcement, the Judiciary said the Administrative Office of the US Courts was working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files ...
- Nissan NA source code leaked due to default admin:admin credentials
January 8, 2021
Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected only by default access credentials. The entire collection is around 20 gigabytes in size and contains source code for mobile apps and various tools used internally by Nissan for diagnostics, client acquisition, market research, or NissanConnect services. It is ...
- Nvidia releases security update for high-severity graphics driver vulnerabilities
January 8, 2021
Nvidia has released a round of security fixes tackling high-severity issues in the Nvidia GPU display driver and vGPU software. Released on Thursday, the technology giant said the patches deal with issues that “may lead to denial of service, escalation of privileges, data tampering, or information disclosure.” In total, Nvidia has resolved 16 vulnerabilities linked to the ...
- Adversary Infrastructure Report 2020: A Defender’s View
January 8, 2021
Recorded Future tracks the creation and modification of new malicious infrastructure for a multitude of post-exploitation toolkits, custom malware frameworks, and open-source remote access trojans. The effort has been ongoing since 2017, when Insikt Group created methodologies to identify the deployments of open-source remote access trojans (RATs). Recorded Future collected over 10,000 unique command and control ...