News


  • CVE-2021-31181: Microsoft Sharepoint Webpart Interpretation Conflict Remote Code Execution Vulnerability

    June 2, 2021

    In May of 2021, Microsoft released a patch to correct CVE-2021-31181 – a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-573. This blog takes a deeper look at the root cause of this ...

  • Banking Attacks Surge Along with Post-COVID Economy

    June 2, 2021

    For many, COVID-19 has been a crushing catastrophe. But for bank scammers, it’s shaped up to be a nice little money-making opportunity. As the post-pandemic economy roars back to life, cybercriminals are using a new whirlwind of transactions as cover to launch an extraordinary number of bank fraud attacks. In just the past quarter, the number ...

  • Russian underground forums launch competitions for cryptocurrency, NFT hacks

    June 2, 2021

    Cybercriminals in underground forums have been soliciting techniques for compromising cryptocurrency services. Capture the Flag competitions, conference calls for papers, and gamification in cybersecurity courses designed to equip learners with hands-on skills are all common in the white hat realm, but in opposition, contests are also being launched by cybercriminals to create new offensive techniques.

  • This is how attackers bypass Microsoft’s AMSI anti-malware scanning protection

    June 2, 2021

    In an investigation into techniques used to either avoid or disable AMSI, Sophos researchers said on Wednesday that threat actors will try everything from living-off-the-land tactics to fileless attacks. Perhaps the opportunities AMSI bypass represents were highlighted in a tweet by security expert Matt Graeber in 2016, in which Sophos says a single line of code ...

  • Australian Cyber Security Centre using classified capabilities to warn local entities of impending ransomware hit

    June 2, 2021

    While the Australian Cyber Security Centre (ACSC) is engaged in helping a local organisation remove and recover from a ransomware hit or cyber attack, its overseer, the Australian Signals Directorate (ASD), is able to use its more secretive powers to find out if any other organisations are on the attackers' hit list. Speaking about the attack ...

  • US seizes domains used by APT29 in recent USAID phishing attacks

    June 1, 2021

    The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development (USAID) to distribute malware and gain access to internal networks. The two domains seized by the DOJ are theyardservicecom and were used to receive data exfiltrated from victims of the targeted phishing ...

  • ICT SPRING 2021: physical edition to reconnect to business

    June 1, 2021

    The international tech summit will take place next September 14-15, 2021. Press Release. Luxembourg, June 1st, 2021 – Next September 14th and 15th, more than 100 international experts will participate in a new edition of ICT Spring, the renowned tech summit. The event, organized since 2010, will take place at the European Convention Center Luxembourg, at the ...

  • Cyber-Insurance Fuels Ransomware Payment Surge

    June 1, 2021

    Ransomware victims are increasingly falling back on their cyber-insurance providers to pay the ransom when they’re hit with an extortion cyberattack. But security researchers warn that this approach can quickly become problematic. In the first half of 2020, ransomware attacks accounted for 41 percent of the total number of filed cyber-insurance claims, according to a Cyber Claims Insurance ...

  • IT threat evolution Q1 2021

    May 31, 2021

    In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The company’s Orion IT, a solution for monitoring and managing customers’ IT infrastructure, was compromised by threat actors. This resulted in the deployment of a custom backdoor, named Sunburst, on the networks of more than 18,000 SolarWinds customers, including ...

  • HPE Fixes Critical Zero-Day in Server Management Software

    May 31, 2021

    Hewlett Packard Enterprise (HPE) has fixed a critical zero-day remote code execution (RCE) flaw in its HPE Systems Insight Manager (SIM) software for Windows that it originally disclosed in December. HPE SIM is a tool that enables remote support automation and management for a variety of HPE servers, including the HPE ProLiant Gen10 and HPE ProLiant ...

  • U.S. Critical Infrastructure: Addressing Cyber Threats and the Importance of Prevention

    May 31, 2021

    The critical infrastructure of the United States includes all those systems and assets that are essential to the proper functioning, economy, health, and safety of American society. The roads and railways that we travel on; the Internet and the mobile networks that connect us; the water that we drink; the healthcare, financial services and security ...

  • Swedish Health Agency shuts down SmiNet after hacking attempts

    May 31, 2021

    The Swedish Public Health Agency (Folkhälsomyndigheten) has shut down SmiNet, the country’s infectious diseases database, on Thursday after it was targeted in several hacking attempts. SmiNet, which is also used to store electronic reports with statistics on COVID-19 infections, was shut down on Thursday to investigate the attacks and was brought back online on Friday evening.

  • JBS USA cyber attack affecting North American and Australian systems

    May 31, 2021

    United States-based food processing company JBS USA has confirmed falling victim to a cyber attack, with the aftermath affecting its North American and Australian systems. “On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” it ...

  • Brazil approves stricter legislation to tackle online crime

    May 31, 2021

    The Brazilian government has passed new legislation introducing tougher measures against fraud and crimes perpetrated in digital environments. According to the law 14.155 sanctioned last Thursday (27), the Brazilian Penal Code has been altered to add more stringent penalties in relation to device invasion, theft and misconduct in digital media environments, as well as crimes ...

  • New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers

    May 29, 2021

    A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility. Read more… Source: Bleeping Computer  

  • DarkSide on Linux: Virtual Machines Targeted

    May 28, 2021

    As we discussed in our previous blog, the DarkSide ransomware is targeting organizations in manufacturing, finance, and critical infrastructures in regions such as the United States, France, Belgium, and Canada. The DarkSide ransomware targets both Windows and Linux platforms. We also noticed that the Linux variant, in particular, targets ESXi servers. In this blog, we focus ...

  • Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency

    May 28, 2021

    Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds’ Orion software, has struck again, Microsoft vice president Tom Burt said in a blogpost Thursday. Burt’s post says the attacks saw Nobelium gain access to accounts on the email marketing service “Constant Contact” operated by The United States Agency for International Development ...

  • US nuclear weapon bunker security secrets spill from online flashcards since 2013

    May 28, 2021

    Details of some US nuclear missile bunkers in Europe, which contain live warheads, along with secret codewords used by guards to signal that they’re being threatened by enemies, were exposed for nearly a decade through online flashcards used for education, but which were left publicly available. The astonishing security blunder was revealed by investigative journalism website ...

  • Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

    May 27, 2021

    Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on our findings, give additional recommendations to network defenders, and discuss potential implications for U.S.-China strategic relations. Mandiant continues to gather evidence and respond to intrusions involving compromises of Pulse ...

  • Threats From a Compromised 4G/5G Campus Network

    May 27, 2021

    Over the past two decades, industrial sectors and everyday users have reaped the benefits of advancements in telecom technologies. At present, the catalyst and basis for future changes is 5G. A sign of this continuing development and influence for some industries is their investment in non-public networks (NPN), also commonly referred to as campus networks. The ...