News


  • Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs

    August 31, 2021

    Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit (GPU) of a compromised system. While the method is not new and demo code has been published before, projects so far came from the academic world or were incomplete and unrefined. Earlier this month, the proof-of-concept (PoC) was sold on ...

  • DNS Rebinding Attack: How Malicious Websites Exploit Private Networks

    August 31, 2021

    Web-based consoles are widely adopted by management software and smart devices to provide interactive data visualization and user-friendly configuration. This is gaining momentum as enterprises’ computer systems become more complex and more modern internet of things (IoT) devices are used at home. These web applications are usually located in internal environments or private networks protected ...

  • HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform

    August 30, 2021

    Hewlett Packard Enterprise (HPE) is warning a vulnerability in Sudo, an open-source program used within its Aruba AirWave management platform, could allow any unprivileged and unauthenticated local user to gain root privileges on a vulnerable host. Rated high in severity, HPE warns the Sudo flaw could be part of a “chained attack” where an “attacker has ...

  • Bangkok Airways apologizes for passport info breach as LockBit ransomware group threatens data leak

    August 30, 2021

    Bangkok Airways has apologized for a data breach involving passport information and other personal data in a statement to customers. The company said that it discovered a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system” on August 23. The statement said the company is “deeply sorry for the worry and inconvenience that ...

  • Fujitsu says stolen data being sold on dark web ‘related to customers’

    August 30, 2021

    Data from Japanese tech giant Fujitsu is being sold on the dark web by a group called Marketo, but the company said the information “appears related to customers” and not their own systems. On August 26, Marketo wrote on its leak site that it had 4 GB of stolen data and was selling it. They provided ...

  • QNAP works on patches for OpenSSL bugs impacting its NAS devices

    August 30, 2021

    Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week. The security flaws tracked as CVE-2021-3711 and CVE-2021-3712, impact QNAP NAS device running QTS, QuTS hero, QuTScloud, and HBS 3 Hybrid Backup Sync (a backup and disaster recovery app), ...

  • Indonesia: 1.3 million people had their sensitive personal data, COVID-19 test results and more exposed on an open server.

    August 30, 2021

    Researchers with vpnMentor have uncovered a data breach involving the COVID-19 test and trace app created by the Indonesian government for those traveling into the country. The ‘test and trace app’ — named electronic Health Alert Card or eHAC — was created in 2021 by the Indonesian Ministry of Health but the vpnMentor team, lead by ...

  • API Releases New Standard for Pipeline Control Systems

    August 30, 2021

    On August 18, 2021, the American Petroleum Institute (API) released the third edition of Standard 1164, Pipeline Control Systems Cybersecurity. The edition has been in development since 2017—a result of expert input from over 70 organizations, including the US’s Department of Energy, Cybersecurity and Infrastructure Security Agency, and the American Gas Association. “The new edition API ...

  • New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305)

    August 30, 2021

    Unit 42 researchers have observed exploits in the wild for a recently disclosed command injection vulnerability affecting WebSVN, an open-source web application for browsing source code. The critical command injection vulnerability was discovered and patched in May 2021. A proof of concept was released and within a week, on June 26, 2021, attackers exploited the ...

  • Cloudflare says it stopped the largest DDoS attack ever reported

    August 27, 2021

    Cloudflare said it’s system managed to stop the largest reported DDoS attack in July, explaining in a blog post that the attack was 17.2 million requests-per-second, three times larger than any previous one they recorded. Cloudflare’s Omer Yoachimik explained in a blog post that the company serves over 25 million HTTP requests per second on average ...

  • Ransomware: It’s only a matter of time before a smart city falls victim, and we need to take action now

    August 27, 2021

    Ransomware attacks are going to get worse – and one could eventually take out the infrastructure of an entire 5G-enabled smart city, a cybersecurity expert has warned. Cyber criminals deploying ransomware regularly target government services. Not only do public sector IT budgets mean networks are less secure against attacks, but said networks are also used to ...

  • Ragnarok ransomware releases master decryptor after shutdown

    August 26, 2021

    Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware. The threat actor did not leave a note explaining the move; all of a sudden, they replaced all the victims on their leak site with a short instruction on how to decrypt files The leak ...

  • Microsoft Breaks Silence on Barrage of ProxyShell Attacks

    August 26, 2021

    Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities in that were highlighted by a researcher at Black Hat earlier this month. The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange servers “to deploy ransomware or conduct other post-exploitation activities” and urging ...

  • FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia

    August 26, 2021

    The FBI has released an alert about the Hive ransomware after the group took down Memorial Health System last week. The alert explains that Hive is an affiliate-operated ransomware first seen in June that deploys “multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol to move ...

  • US Media, Retailers Targeted by New SparklingGoblin APT

    August 25, 2021

    An emerging international cybergang is broadening its targets to include North American media firms, universities and one computer retailer. The advanced persistent threat (APT) group is new, according to researchers who dubbed it SparklingGoblin. Also new is a novel backdoor technique, called SideWalk, used by the APT to penetrate cybersecurity defenses. SparklingGoblin, according to ESET researchers ...

  • Cisco Issues Critical Fixes for High-End Nexus Gear

    August 25, 2021

    Cisco Systems released six security patches tied to its high-end 9000 series networking gear ranging in importance from critical, high and medium severity. The most serious of the bugs patched by Cisco (rated 9.1 out of 10) could allow a remote and unauthenticated adversary to read or write arbitrary files on to an application protocol interface ...

  • Critical F5 BIG-IP bug impacts customers in sensitive sectors

    August 25, 2021

    BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. The issues are part of this month’s delivery of security updates, which addresses almost 30 vulnerabilities for multiple F5 devices.. Of the thirteen high-severity flaws that F5 fixed, one ...

  • New Campaign Sees LokiBot Delivered Via Multiple Methods

    August 25, 2021

    Trend Micro researchers recently detected an aggressive malware distribution campaign delivering LokiBot via multiple techniques, including the exploitation of older vulnerabilities. This blog entry describes and provides an example of one the methods used in the campaign, as well as a short analysis of the payload. We found that one of the command-and-control (C&C) servers ...

  • Worldwide Phishing Attacks Ramped Up At the Peak of Working From Home

    August 25, 2021

    With more and more companies choosing to allow for flexible (hybrid/remote) work environments post-pandemic, we investigated the unique cyberthreats employees working from home face. Palo Alto analysis focused primarily on trends in Palo Alto firewall traffic and phishing pages detected by our URL Filtering service from September 2019 to April 2021. We found that in early ...

  • Biden to host summit with tech moguls on combating cyberattacks

    August 25, 2021

    United States President Joe Biden is set to host leaders from the country’s largest technology and finance firms at the White House on Wednesday to discuss how to shore up their cybersecurity defences in the face of increasingly complex attacks. The meeting with top executives comes as Congress considers legislation regarding data-breach notification laws and cybersecurity ...