News – April 2021


  • Verification and Zero Trust: I Hear You Knocking But Can I Let You In?

    April 21, 2021

    One of the biggest problems with digital communication is the illusion that it has taken place with the correct person. Symantec, as a division of Broadcom, believes digital communications are based on trust. Applications trust that the person requesting access or giving commands is actually authorized to do so, but that isn’t always the case. ...

  • White House: Here’s what we’ve learned from tackling the SolarWinds and Microsoft Exchange Server cyber incidents

    April 21, 2021

    Lessons learned from responses to the SolarWinds and Microsoft Exchange cyber incidents will be used to coordinate action against future cybersecurity and hacking incidents, the White House has said. Both incidents required the United States to react to cyberattacks by nation-state hacking operations affecting thousands of organisations across the country – Russian intelligence compromised SolarWinds in ...

  • AirDrop bugs expose Apple users’ email addresses, phone numbers

    April 21, 2021

    A team of academics from a German university said it discovered two vulnerabilities that can be abused to extract phone numbers and email addresses from Apple’s AirDrop file transfer feature. The two bugs reside in the authentication process during the initial phase of an AirDrop connection, where devices try to discover each one another and determine ...

  • Carbanak and FIN7 Attack Techniques

    April 20, 2021

    Constant monitoring of threat groups is one of the ways that security researchers and law enforcement agencies are able defend systems against cybercrime. Among these cybercriminals are financially motivated threat groups Carbanak and FIN7. Although both names have at times been used to refer to the same group, organizations such as MITRE identifies them as ...

  • Pulse Secure VPN zero-day used to hack defense firms, govt orgs

    April 20, 2021

    Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against worldwide organizations and focused on US Defense Industrial base (DIB) networks. To mitigate the vulnerability tracked as CVE-2021-22893 (with a maximum 10/10 severity score), Pulse Secure advises customers with gateways ...

  • GEICO Alerts Customers Hackers Stole Driver License Data for Two Months

    April 20, 2021

    Threat actors stole driver license numbers from customers of GEICO insurance for nearly two months earlier this year due to a security flaw on its website that has since been fixed. The second-largest auto insurance provider in the United States disclosed the vulnerability in a data breach notice filed earlier this month with the California attorney ...

  • Lazarus hacking group now hides payloads in BMP image files

    April 20, 2021

    The Lazarus group has tweaked its loader obfuscation techniques by abusing image files in a recent phishing campaign. Lazarus is a state-sponsored advanced persistent threat (APT) group from North Korea. Known as one of the most prolific and sophisticated APTs out there, Lazarus has been in operation for over a decade and is considered responsible for worldwide ...

  • Fake Microsoft Store, Spotify sites spread info-stealing malware

    April 20, 2021

    Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers. The attack was discovered by cybersecurity firm ESET who issued a warning yesterday on Twitter to be on the lookout for the malicious campaign. In a conversation with Jiri Kropac, ...

  • Ransomware gang tries to extort Apple hours ahead of Spring Loaded event

    April 20, 2021

    The operators of the REvil ransomware are demanding that Apple pay a ransom demand to avoid having confidential information leaked on the dark web. The REvil crew claims it came into possession of Apple product data after breaching Quanta Computer, a Taiwanese company that is the biggest laptop manufacturer in the world and which is also ...

  • Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

    April 20, 2021

    In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild. These vulnerabilities were executed in conjunction to obtain administrative access and code execution on a SonicWall ES device. The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a ...

  • Just What The Cyber Doctors Ordered – OT For Pharmaceutical Companies

    April 20, 2021

    Several digital attacks against pharmaceutical companies have made news in the past few years. Back in 2017, for instance, Merck fell victim to NotPetya. The wiper malware spread to the pharmaceutical giant’s headquarters, rendered years of research inaccessible, affected various production facilities and caused $1.3 billion in damages, according to Bloomberg News. A couple of ...

  • Government intervenes in sale of UK chip designer Arm over national security implications

    April 19, 2021

    A “high-level manager” of the FIN7 hacking group has been sentenced to ten years in prison. The planned $40bn (£29bn) sale of UK-based chip designer Arm Holdings will be scrutinised by regulators over potential national security concerns after an intervention by the government. Digital secretary Oliver Dowden has stepped in after current owner, Japanese conglomerate Softbank, agreed ...

  • ‘High-level’ organiser of FIN7 hacking group sentenced to ten years in prison

    April 19, 2021

    The US Department of Justice described Ukranian national Fedir Hladyr, 35, as a systems administrator for the FIN7 hacking group. He was arrested in Germany, in 2018 at the request of U.S. law enforcement and was extradited to Seattle. In September 2019, he pleaded guilty to conspiracy to commit wire fraud and one count of conspiracy ...

  • The Security dilemma of smart factories [Part 3] Fundamental security risks in robot languages

    April 19, 2021

    Industrial robots are the core of the automation of manufacturing processes in smart factories, and are the most important components as they support the manufacture of all kinds of products such as automobiles, aircraft, processed foods, and pharmaceuticals. In addition, as equipment that realizes unmanned manufacturing in the post-COVID-19 world where minimal or no contact ...

  • Cybercrime rises by almost 40% in Moscow since beginning of 2021

    April 19, 2021

    The number of cyber crimes in Moscow rose by almost 40% since the beginning of the year, “More than 14,600 crimes involving information and communication technologies were recorded in Moscow in the first quarter of the year, up 38% compared to the same period last year,” the statement reads. According to the prosecution authorities, most cyber criminals ...

  • Connected car cybersecurity a concern for consumers- HSB Survey

    April 19, 2021

    According to the Cyber Survey, 37% of respondents were somewhat or very concern about the cybersecurity and safety of connected cars. Meanwhile, 35% expressed their fear that a virus, a hack, or any other cyber-attack could destroy their car’s data, software, or operating systems. Eleven percent of respondents also said they drive an electric car, while ...

  • Discord Nitro gift codes now demanded as ransomware payments

    April 18, 2021

    In a novel approach to ransom demands, a new ransomware calling itself ‘NitroRansomware’ encrypts victim’s files and then demands a Discord Nitro gift code to decrypt files. While Discord is free, they offer a Nitro subscription add-on for $9.99 per month that provides additional perks, such as larger uploads, HD video streaming, enhanced emojis, and the ...

  • Ryuk ransomware operation updates hacking techniques

    April 17, 2021

    Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network. The trend observed in attacks this year reveals a predilection towards targeting hosts with remote desktop connections exposed on the public internet. Furthermore, using targeted phishing emails to deliver the malware continues ...

  • NSA: 5 Security Bugs Under Active Nation-State Cyberattack

    April 16, 2021

    The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies. According to the U.S. National Security Agency (NSA), which issued an alert Thursday, the advanced persistent threat (APT) group known as APT29 (a.k.a. ...

  • BazarLoader Malware Abuses Slack, BaseCamp Clouds

    April 16, 2021

    The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said. And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain. The BazarLoader downloader, written in C++, has the primary function of downloading and executing ...