News


  • Fortinet slams Rapid7 for disclosing vulnerability before end of 90-day window

    August 17, 2021

    A dispute broke out on Tuesday after cybersecurity company Rapid7 released a report about a vulnerability in a Fortinet product before the company had time to release a patch addressing the issue. Rapid7 said one of its researchers, William Vu, discovered an OS command injection vulnerability in versions 6.3.11 and earlier of FortiWeb’s management interface. The ...

  • Afghanistan: The Taliban have seized U.S. military biometrics devices

    August 17, 2021

    The Taliban have seized U.S. military biometrics devices that could aid in the identification of Afghans who assisted coalition forces, current and former military officials have told The Intercept. The devices, known as HIIDE, for Handheld Interagency Identity Detection Equipment, were seized last week during the Taliban’s offensive, according to a Joint Special Operations Command official ...

  • LockBit 2.0 Ransomware Proliferates Globally

    August 17, 2021

    The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware. Attacks in July and August have employed LockBit 2.0, according to a Trend Micro analysis released on Monday, featuring a souped-up encryption method. “In contrast to LockBit’s ...

  • Conti ransomware prioritizes revenue and cyberinsurance data theft

    August 17, 2021

    Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies. Earlier this month, a disgruntled affiliate posted to a hacking forum the IP addresses for Cobalt Strike C2 servers used by the gang and a 113 MB archive ...

  • Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices

    August 17, 2021

    Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to ...

  • Brazilian National Treasury hit with ransomware attack

    August 17, 2021

    The Brazilian government has released a note stating the National Treasury was hit with a ransomware attack on Friday (the 13th). According to a statement from the Ministry of Economy, initial measures to contain the impact of the cyberattack were taken immediately. The first assessments so far have found there was no damage to the structuring ...

  • Secret terrorist watchlist with 2 million records exposed online

    August 16, 2021

    A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records, was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. In July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest. ...

  • Hive ransomware attacks Memorial Health System, steals patient data

    August 16, 2021

    In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. The attack occurred early Sunday morning and the IT department detected it once they noticed that parts of the infrastructure no longer responded as expected. Source: Bleeping ...

  • T-Mobile says hackers accessed user data but won’t confirm SSN breach of 100 million customers

    August 16, 2021

    T-Mobile is looking into allegations that a hacker stole 106GB of data containing the social security numbers, names, addresses and driver’s license information for more than 100 million people. In a statement to ZDNet, T-Mobile said it is “aware of claims made in an underground forum and have been actively investigating their validity.” Teams at T-Mobile ...

  • Exchange Servers Under Active Attack via ProxyShell Bugs

    August 15, 2021

    Researchers’ Microsoft Exchange server honeypots are being actively exploited via ProxyShell, the name of an attack disclosed at Black Hat last week that chains three vulnerabilities to enable unauthenticated attackers to perform remote code execution (RCE) and snag plaintext passwords. In his Black Hat presentation last week, Devcore principal security researcher Orange Tsai said that a ...

  • Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware

    August 13, 2021

    Cyberattackers are using Google’s reCAPTCHA (aka the “I am not a robot” function) and fake CAPTCHA-like services to obscure various phishing and other campaigns, according to researchers. There are signs however that those evasion efforts may be losing their efficacy. CAPTCHAs are familiar to most internet users as the challenges that are used to confirm that ...

  • United Nations calls for moratorium on sale of surveillance tech like NSO Group’s Pegasus

    August 13, 2021

    The United Nations has called for a moratorium on the sale of “life threatening” surveillance technology and singled out the NSO Group and Israel for criticism. The catalyst for that UN’s action is the recent allegation that NSO Group’s wares have been widely used beyond their intended purpose of national security, and instead put to work ...

  • SynAck ransomware group releases decryption keys as they rebrand to El_Cometa

    August 13, 2021

    The SynAck ransomware gang has released decryption keys for victims that were infected between July 2017 and 2021, according to data obtained by The Record. SynAck is in the process of rebranding itself as the El_Cometa ransomware gang, and a member of the old group gave the keys to The Record. Emsisoft’s Michael Gillespie confirmed the veracity ...

  • Microsoft Warns: Another Unpatched PrintNightmare Zero-Day

    August 12, 2021

    One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution (RCE) vulnerability in the Windows Print Spooler. The zero-day bug, tracked as CVE-2021-36958, carries a CVSS vulnerability-severity scale rating of 7.3, meaning that it’s rated as “important.” Microsoft said that it allows for a local ...

  • IT threat evolution Q2 2021

    August 12, 2021

    It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be side-loaded by it and an encoded payload, generally dropped from a self-extracting archive. This was first thought to be a signature of LuckyMouse, but we ...

  • Notorious AlphaBay darknet market comes back to life

    August 12, 2021

    The AlphaBay darkweb market has come back to life after an administrator of the original project relaunched it over the weekend. At the same time, the admin announced plans for setting up a platform for darknet markets to set up shop with a strong focus on anonymity. Source: Bleeping Computer

  • Cryptocurrency heist hacker returns $260m in funds

    August 12, 2021

    The hacker behind one of the largest cryptocurrency heists to date has returned almost half of the $600m (£433m) stolen assets. On Tuesday, the firm affected, Poly Network wrote a letter on Twitter, asking the individual to get in touch “to work out a solution”. The hacker then posted messages pledging to return funds, claiming to be ...

  • How Pipeline Owners and Operators Can Fulfill the TSA’s Second Security Directive

    August 12, 2021

    Senior officials at the Department of Homeland Security (DHS), of which the TSA is a part, announced at the time of their security directive that they would soon require pipeline organizations to implement a new set of mandatory security controls or face financial penalties. In mid-July, CISA announced the rollout of at least some of those ...

  • MSPO 2021: Defence industry giants – solid as a rock

    August 12, 2021

    Targi Kielce’s 29th International Defence Industry Exhibition promises to be one of the most important exhibitions in Poland. As of today, almost 250 companies from Poland and abroad have registered for the event, occupying nearly 20,000 sq. m of exhibition space. Following its annual tradition, the Kielce defence industry trade show brings together the most important ...

  • New AdLoad malware variant slips through Apple’s XProtect defenses

    August 11, 2021

    A new AdLoad malware variant is slipping through Apple’s YARA signature-based XProtect built-in antivirus to infect Macs as part of multiple campaigns tracked by cybersecurity firm SentinelOne. AdLoad is a widespread trojan that has targeted the macOS platform since at least late 2017 and is used to deploy various malicious payloads, including adware and Potentially Unwanted Applications (PUAs). ...