News – April 2021


  • Nvidia Warns About Severe Security Bugs in GPU Driver, vGPU Software

    April 26, 2021

    Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit (GPU) display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service (DoS) and information disclosure. Meanwhile, the Nvidia virtual GPU (vGPU) software also has a group of bugs that could lead to a range of ...

  • The Winds of Change – What SolarWinds Teaches Us

    April 25, 2021

    In the wake of the discovery of the breach, national security agencies such as the NCSC were prompt in providing advice and guidance. Using tools such as the Cyber Information Sharing Programme (CiSP), they shared technical information on how to assess if an organization was at risk and what actions they should take if they ...

  • Hacker leaks 20 million alleged BigBasket user records for free

    April 25, 2021

    A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum. BigBasket is a popular Indian online grocery delivery service that allows people to shop online for food and deliver it to their homes. Read more… Source: Bleeping Computer  

  • The big Pentagon internet mystery now partially solved

    April 24, 2021

    A very strange thing happened on the internet the day President Joe Biden was sworn in. A shadowy company residing at a shared workspace above a Florida bank announced to the world’s computer networks that it was now managing a colossal, previously idle chunk of the internet owned by the U.S. Department of Defense. That real ...

  • Ransomware by the numbers: Reassessing the threat’s global impact

    April 23, 2021

    Kaspersky has been following the ransomware landscape for years. In the past, we’ve published yearly reports on the subject: PC ransomware in 2014-2016, Ransomware in 2016-2017, and Ransomware and malicious crypto miners in 2016-2018. In fact, in 2019, we chose ransomware as the story of the year, upon noticing the well-known threat was shifting its ...

  • Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation

    April 23, 2021

    Between October 2020 and February 2021, Unit 42 researchers periodically scanned and analyzed unsecured Kubernetes (also known as k8s) clusters on the internet. Kubernetes clusters can and should be configured for greater security, but when left unsecured, these clusters can be accessed anonymously by anyone who knows their IPs, ports and APIs. Researchers identified 2,100 ...

  • Ransomware’s perfect target: Why shipping and logistics industry needs to improve cybersecurity, before it’s too late

    April 23, 2021

    Ransomware attacks against the shipping and logistics industry have tripled in the past year, as cyber criminals target the global supply chain in an effort to make money from ransom payments. Analysis by cybersecurity company BlueVoyant found that ransomware attacks are increasingly targeting shipping and logistics firms at a time when the global COVID-19 pandemic means ...

  • Passwordstate password manager hacked in supply chain attack

    April 23, 2021

    Click Studios, the company behind the Passwordstate enterprise password manager, notified customers that attackers compromised the app’s update mechanism to deliver malware in a supply-chain attack after breaching its networks. Passwordstate is an on-premises password management solution used by over 370,000 security and IT professionals at 29,000 companies worldwide, as the company claims. Its customer list includes ...

  • Ransomware is growing at an alarming rate, warns GCHQ chief

    April 23, 2021

    The scale and severity of ransomware is growing at an alarming rate as cyber criminals look to exploit poor cybersecurity to maximise profit, the director of GCHQ has warned. Organisations and their employees have been forced to adapt to different ways of working over the last year, with many now even more reliant on remote services ...

  • New cryptomining malware builds an army of Windows, Linux bots

    April 23, 2021

    A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads. First spotted by Alibaba Cloud (Aliyun) security researchers in February (who dubbed it Sysrv-hello) and active since December 2020, the botnet has also landed on the radars of researchers at ...

  • Ransomware gang offers traders inside scoop on attack victims so they can short sell their stocks

    April 23, 2021

    Brazen ransomware groups are continuing to seek out new avenues to rake in profits and ratchet up pressure on victims. In one of the latest such developments, the DarkSide ransomware group is openly coaxing stock traders to reach out and receive the inside scoop on the gang’s latest corporate victims, so they can short sell ...

  • New US Justice Department team aims to disrupt ransomware operations

    April 22, 2021

    The US Department of Justice (DoJ) is forming a new task force to deal with the “root causes” of ransomware. In an internal memo, the DoJ outlines the creation of a new initiative that will bring together current efforts in federal government to “pursue and disrupt” ransomware operations. As noted by CNN, this could include the takedown ...

  • Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns

    April 22, 2021

    Hackers are leveraging the popular Telegram messaging app by embedding its code inside a remote access trojan (RAT) dubbed ToxicEye, new research has found. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. The ToxicEye malware can take over file systems, install ransomware and leak data from victim’s PCs, ...

  • Mount Locker Ransomware Aggressively Changes Up Tactics

    April 22, 2021

    The Mount Locker ransomware has shaken things up in recent campaigns with more sophisticated scripting and anti-prevention features, according to researchers. And, the change in tactics appears to coincide with a rebranding for the malware into “AstroLocker.” According to researchers, Mount Locker has been a swiftly moving threat. Having just hit the ransomware-as-a-service scene in the ...

  • SolarWinds hack analysis reveals 56% boost in command server footprint

    April 22, 2021

    A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed. The catastrophic SolarWinds security incident involved the compromise of the vendor’s network and later the deployment of malicious SolarWinds Orion updates to clients that contained a backdoor called Sunburst. Sunspot, designed to monitor the SolarWinds build ...

  • Prometei botnet is hunting for unpatched Microsoft Exchange servers

    April 22, 2021

    Cyber criminals are trying to use vulnerabilities in Microsoft Exchange servers to add to their botnet for mining cryptocurrency – but the level of access they’re gaining means they could use their access for other, much more dangerous cyberattacks. Detailed by cybersecurity researchers at Cybereason, the Prometei botnet is a widespread global campaign that is targeting ...

  • CVE-2020-24557 Trend Micro bug is being exploited in the wild

    April 22, 2021

    US-Japanese cybersecurity firm Trend Micro disclosed on Wednesday that a threat actor began using a bug in its antivirus products to gain admin rights on Windows systems as part of its attacks. The vulnerability, tracked as CVE-2020-24557, affects the company’s Apex One and OfficeScan XG, two advanced security products aimed at enterprise customers. The bug was discovered ...

  • Malware and ransomware gangs have found this new way to cover their tracks

    April 22, 2021

    Theres’s been a huge uptick in the proportion of malware using TLS or the Transport Layer Security to communicate without being spotted, cybersecurity firm Sophos reports. While HTTPS helps prevent eavesdropping, man-in-the-middle attacks, and hijackers who try to impersonate a trusted website, the protocol has also offered cover for cybercriminals to privately share information between a ...

  • Tor-Based Botnet Malware Targets Linux Systems, Abuses Cloud Management Tools

    April 22, 2021

    The rise of threats that target Linux has dispelled the myth that there is no malware that goes after the ubiquitous operating system. As Linux attracts more attention from malicious actors, we have also started seeing threats evolving — abusing services like Ngrok and using functions to hunt and kill other competing malware. Most of the ...

  • Novel Email-Based Campaign Targets Bloomberg Clients with RATs

    April 21, 2021

    A new email-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg’s industry-based services. Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan,” and asserting it is likely the work of one actor from an Arabic-speaking country. Researchers ...