News – August 2021


  • Pakistan: Neglect caused Federal Board of Revenue cyber-attack

    August 22, 2021

    Despite knowing that its information technology equipment is obsolete and some of its software is outdated, the Federal Board of Revenue (FBR) did not make any serious effort to upgrade them, which resulted into hacking of the data centres. The systems were not improved even though the World Bank approved an $80 million loan two years ...

  • LockFile ransomware uses PetitPotam attack to hijack Windows domains

    August 20, 2021

    At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. Behind the attacks appears to be a new ransomware gang called LockFile that was first seen in July, which shows some resemblance and references to other groups in ...

  • Indiana: COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate

    August 19, 2021

    This week, the Indiana Department of Health issued a notice that the state’s COVID-19 contact-tracing system had been exposed via a cloud misconfiguration, revealing names, emails, gender, ethnicity, race and dates of birth of more than 750,000 people. The incident shows that COVID-19 data could be poised for abuse and misuse, according to experts, which is ...

  • Ransomware: This amateur attack shows how clueless criminals are trying to get in on the action

    August 19, 2021

    Ransomware is one of the biggest cybersecurity threats to businesses today, and cyber criminals can potentially make millions of dollars in Bitcoin for a single successful attack. This lure of quickly making large sums of money is attracting interest from across the cyber-criminal spectrum, from sophisticated gangs specialising in ransomware attacks, to affiliate schemes where wannabe ...

  • Diavol ransomware sample shows stronger connection to TrickBot gang

    August 18, 2021

    A new analysis of a Diavol ransomware sample shows a more clear connection with the gang behind the TrickBot botnet and the evolution of the malware. The recent research is the second one that finds common ground in the code of the two threats, tying them to the same actor. Previous analysis of Diavol (Romanian for Devil) ...

  • The Next Disruptive ICS Attacker: An Advanced Persistent Threat (APT)?

    August 18, 2021

    No discussion on ICS attacks could be complete without talking about what some would call, ‘the elephant in the room.’ Critical infrastructure has always been a target for warfare, and modern ICS are no exception. Several high-profile ICS disruptions have in fact been attributed to malicious hackers working at the behest of a military or intelligence ...

  • US Census Bureau hacked in January 2020 using Citrix exploit

    August 18, 2021

    US Census Bureau servers were breached on January 11, 2020, by hackers who exploited a Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report. “The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab ...

  • HolesWarm Malware Exploits Unpatched Windows, Linux Servers

    August 18, 2021

    By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June. The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between attacks, researchers at Tencent who first identified HolesWarm refer to ...

  • US agencies scrub websites in bid to protect Afghans

    August 18, 2021

    Multiple United States agencies that operated in Afghanistan and worked with Afghan citizens have been hastily purging their websites, removing articles and photos that could endanger the Afghan civilians who interacted with them and now fear retribution from the Taliban. The online scrubbing campaign appeared to begin late last week when it became clear that the ...

  • Japanese insurer Tokio Marine discloses ransomware attack

    August 18, 2021

    Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack. The announcement came at the beginning of the week and contains little information about the incident outside the action taken to deal with the intrusion. Read more… Source: Bleeping Computer  

  • CISA Alert: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS

    August 17, 2021

    On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries. BlackBerry QNX RTOS is ...

  • Govt hackers impersonate HR employees to hit Israeli targets

    August 17, 2021

    Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets. The campaigns have been attributed to the Iranian APT group known as Lyceum, Hexane, and Siamesekitten, running espionage campaigns since at least 2018. In multiple attacks detected in May and ...

  • Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military

    August 17, 2021

    While investigating the Confucius threat actor, we found a recent spear phishing campaign that utilizes Pegasus spyware-related lures to entice victims into opening a malicious document downloading a file stealer. The NSO Group’s spyware spurred a collaborative investigation that found that it was being used to target high-ranking individuals in 11 different countries. In this blog ...

  • Fortinet slams Rapid7 for disclosing vulnerability before end of 90-day window

    August 17, 2021

    A dispute broke out on Tuesday after cybersecurity company Rapid7 released a report about a vulnerability in a Fortinet product before the company had time to release a patch addressing the issue. Rapid7 said one of its researchers, William Vu, discovered an OS command injection vulnerability in version 6.3.11 and prior of FortiWeb’s management interface. The ...

  • Afghanistan: The Taliban have seized U.S. military biometrics devices

    August 17, 2021

    The Taliban have seized U.S. military biometrics devices that could aid in the identification of Afghans who assisted coalition forces, current and former military officials have told The Intercept. The devices, known as HIIDE, for Handheld Interagency Identity Detection Equipment, were seized last week during the Taliban’s offensive, according to a Joint Special Operations Command official ...