News – April 2021


  • Cyberattack on UK university knocks out online learning, Teams and Zoom

    April 16, 2021

    The University of Hertfordshire has suffered a devastating cyberattack that knocked out all of its IT systems, including Office 365, Teams and Zoom, local networks, Wi-Fi, email, data storage and VPN. The university reported the hit by attackers on Wednesday, resulting in the cancellation of all online classes on Thursday and Friday. “Shortly before 22:00 on Wednesday ...

  • XCSSET Quickly Adapts to macOS 11 and M1-based Macs

    April 16, 2021

    Last year, Trend Micro researchers first found XCSSET, which targeted Mac users by infecting Xcode projects. Initially reported as a malware family, in light of our recent findings it is now classified as an ongoing campaign. This latest update details our new research regarding XCSSET, including the ways in which it has adapted itself to ...

  • White House launches plan to protect US critical infrastructure against cyber attacks

    April 15, 2021

    The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. According to Bloomberg, the Biden administration has a plan to dramatically improve how power utilities defend themselves against attacks from countries considered to be adversaries in cyberspace – such as Russia, Iran, North ...

  • It was Russia wot did it: SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US

    April 15, 2021

    Russia’s infamous APT 29, aka Cozy Bear, was behind the SolarWinds Orion attack, the US and UK governments said today as America slapped sanctions on Russian infosec companies as well as expelling diplomats from that country’s US embassy. One of the sanctioned companies is Positive Technologies, familiar in the West for, among other things, in-depth research ...

  • Victorian government earmarks AU$30m to lift hospital cyber capabilities

    April 15, 2021

    The Victorian government plans to invest a total of AU$30 million to upgrade and modernise the IT infrastructure of 28 of the state’s hospitals and health services in a bid to guard against further cyber attacks. The AU$30 million will be divided amongst hospitals across Melbourne and regional and rural health services. Melbourne hospitals will receive ...

  • Report: Aussie biz Azimuth cracked San Bernardino shooter’s iPhone, ending Apple-FBI privacy standoff

    April 14, 2021

    Australian security firm Azimuth has been identified as the experts who managed to crack a mass shooter’s iPhone that was at the center of an encryption standoff between the FBI and Apple. Until this week it had largely been assumed that Israeli outfit Cellebrite was hired to forcibly unlock an encrypted iPhone 5C used by Syed ...

  • Second Google Chrome zero-day exploit dropped on Twitter this week

    April 14, 2021

    A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. A zero-day vulnerability is when detailed information about a vulnerability or an exploit is released before the affected software developers can fix it. These vulnerabilities pose a ...

  • Security crucial as 5G connects more industries, devices

    April 14, 2021

    More networks, industries, and machines will be interconnected as 5G becomes more widely available, making security an even bigger challenge for businesses in Asia-Pacific. Along with this, they also will have to deal with the increased complexity of managing 5G infrastructures, including the use of network slicing. Beyond just providing consumers with faster data speeds, the ...

  • Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

    April 13, 2021

    While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation ...

  • Threat Assessment: Clop Ransomware

    April 13, 2021

    Unit 42 researchers have observed an uptick in Clop ransomware activity affecting the wholesale and retail, transportation and logistics, education, manufacturing, engineering, automotive, energy, financial, aerospace, telecommunications, professional and legal services, healthcare and high tech industries in the U.S., Europe, Canada, Asia Pacific and Latin America. Clop also leverages double extortion practices and hosts a ...

  • Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure

    April 13, 2021

    High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology (OT). However, there is a continued perception across critical infrastructure organizations that OT networks are isolated from public networks—such as the Internet. In Mandiant’s experience, the concept of an ‘air gap’ separating OT assets from external networks rarely ...

  • CISA gives federal agencies until Friday to patch Exchange servers

    April 13, 2021

    The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday. Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA. These Exchange vulnerabilities are capable of remote code execution, with two vulnerabilities not requiring attackers to authenticate first. Source: Bleeping Computer

  • NATO prepares for world’s largest cyber war game

    April 13, 2021

    Military cyber security specialists are preparing for the largest cyber war game in the world, which kicks off tomorrow as the fictional NATO member state of Berylia comes under attack. The real-time NATO exercise will include defenders practising the protection of critical civilian and military infrastructure, including water treatment facilities and energy plants. Amid the increasing risk ...

  • NSA discovers critical Exchange Server vulnerabilities, patch now

    April 13, 2021

    Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. All the flaws lead to remote code execution on a vulnerable machine and were discovered and reported to Microsoft by the U.S. National Security Agency (NSA). Microsoft also found some of them ...

  • HTTPS over HTTP: A Supply Chain Attack on Azure DevOps Server 2020

    April 13, 2021

    The need for data encryption during transmission has paved the way for organizations to rely on TLS — not just for sending data through the internet, but even within trusted corporate environments. Without the use of TLS or SSL, the authenticity of transmitted data and the identity of the endpoint can’t be verified. In this blog, we ...

  • Capcom: Ransomware gang used old VPN device to breach the network

    April 13, 2021

    Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. In early November 2020, Ragnar Locker ransomware hit the Japanese game developer and publisher, forcing Capcom to shut down portions of their ...

  • FBI nuked web shells from hacked Exchange Servers without telling owners

    April 13, 2021

    A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers’ owners. On March 2nd, Microsoft released a series of Microsoft Exchange security updates for vulnerabilities actively exploited by a hacking group known as HAFNIUM. These vulnerabilities are collectively known as ProxyLogon and were used by threat ...

  • NAME:WRECK DNS vulnerabilities affect over 100 million devices

    April 13, 2021

    Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. Collectively referred to as NAME:WRECK, the flaws could be leveraged to take affected devices offline or to gain control over them. The vulnerabilities were found in widespread TCP/IP stacks ...

  • Man Arrested for AWS Bomb Plot

    April 12, 2021

    A Texas man has been charged with plotting a bombing of Amazon Web Services in a quest to allegedly “kill off the internet.” Seth Aaron Pendley was arrested in Ft. Worth after allegedly attempting to get an explosive device from an undercover FBI employee in a sting. The feds were alerted to Pendley after a concerned ...

  • Winter 2020 Network Attack Trends: Internet of Threats

    April 12, 2021

    Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including ...