News – August 2021

  • How Pipeline Owners and Operators Can Fulfill the TSA’s Second Security Directive

    August 12, 2021

    Senior officials at the Department of Homeland Security (DHS), of which the TSA is a part, announced at the time of their security directive that they would soon require pipeline organizations to implement a new set of mandatory security controls or face financial penalties. In mid-July, CISA announced the rollout of at least some of those ...

  • MSPO 2021: Defence industry giants – solid as a rock

    August 12, 2021

    Targi Kielce’s 29th International Defence Industry Exhibition promises to be one of the most important exhibitions in Poland. As of today, almost 250 companies from Poland and abroad have registered for the event, occupying nearly 20,000 sq. m of exhibition space. Following its annual tradition, the Kielce defence industry trade show brings together the most important ...

  • New AdLoad malware variant slips through Apple’s XProtect defenses

    August 11, 2021

    A new AdLoad malware variant is slipping through Apple’s YARA signature-based XProtect built-in antivirus to infect Macs as part of multiple campaigns tracked by cybersecurity firm SentinelOne. AdLoad is a widespread trojan targeting the macOS platform since at least since late 2017 and used to deploy various malicious payloads, including adware and Potentially Unwanted Applications (PUAs), Read ...

  • Accenture Confirms LockBit Ransomware Attack

    August 11, 2021

    08/13/21 08:42 UPDATE: Accenture reportedly acknowledged in an internal memo that attackers stole client information and work materials in a July 30 “security incident.” CyberScoop reports that the memo downplays the impact of the ransomware attack. The outlet quoted Accenture’s internal memo: “While the perpetrators were able to acquire certain documents that reference a small number ...

  • Kaseya’s universal REvil decryption key leaked on a hacking forum

    August 11, 2021

    The universal decryption key for REvil’s attack on Kaseya’s customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. On July 2nd, the REvil ransomware gang launched a massive attack on managed service providers worldwide by exploiting a zero-day vulnerability in the Kaseya VSA remote management application. This attack encrypted approximately ...

  • UNC215: Spotlight on a Chinese Espionage Campaign in Israel

    August 10, 2021

    This blog post details the post-compromise tradecraft and operational tactics, techniques, and procedures (TTPs) of a Chinese espionage group we track as UNC215. While UNC215’s targets are located throughout the Middle East, Europe, Asia, and North America, this report focuses on intrusion activity primarily observed at Israeli entities. This report comes on the heels of the ...

  • $600m in cryptocurrencies swiped from Poly Network servers after security snafu

    August 10, 2021

    Poly Network, a Chinese software biz that processes cryptocurrency transactions across different blockchain platforms, urged hackers to return $600m worth of stolen digital cash in what it called the “biggest in DeFi history.” DeFi stands for decentralised finance. Protocols like Poly Network allow cryptocurrency traders to exchange digicash across various blockchains; they can be used ...

  • eCh0raix ransomware now targets both QNAP and Synology NAS devices

    August 10, 2021

    A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. This ransomware strain (also known as QNAPCrypt) first surfaced in June 2016, after victims began reporting attacks in a BleepingComputer forum topic. Read more… Source: Bleeping Computer  

  • Actively Exploited Windows Zero-Day Gets a Patch

    August 10, 2021

    Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that’s listed as a zero-day that has been exploited in the wild. Of note, there are 17 elevation-of-privilege (EoP) vulnerabilities, 13 remote code-execution (RCE) issues, eight information-disclosure ...

  • Nearly one million credit cards offered on underground forum

    August 10, 2021

    Researchers with D3Lab have discovered the data of almost one million credit card holders being sold on an underground forum, according to a blog post released this week. In a sample of 980,930 files acquired by D3Lab analysts on Monday, the batch contained names, addresses, credit card numbers, expirations and CVVs. Read more… Source: ZDNet  

  • Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising

    August 9, 2021

    In a previous blog entry, we reported on a campaign, which we labeled “Operation Overtrap,” that targeted Japan with a new banking trojan called Cinobi. The campaign, which was perpetrated by a group we named “Water Kappa,” delivered Cinobi via spam. It also delivered the trojan using the Bottle exploit kit, which included newer Internet ...

  • Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now

    August 8, 2021

    Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. Before we get to the active scanning of these vulnerabilities, it is important to understand how they have been disclosed. ProxyShell is the name for three vulnerabilities that perform unauthenticated, remote code ...

  • Australian govt warns of escalating LockBit ransomware attacks

    August 8, 2021

    The Australian Cyber Security Centre (ACSC) warns of an increase of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. “ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia,” Australia’s cybersecurity agency said in a security alert issued on Thursday. Read more… Source: Bleeping Computer  

  • Angry Affiliate Leaks Conti Ransomware Gang Playbook

    August 6, 2021

    An apparently vengeful affiliate of the Conti Gang has leaked the playbook of the ransomware group after alleging that the notorious cybercriminal organization underpaid him for doing its dirty work. A security researcher shared a comment from an online forum allegedly posted by someone who did business with Conti that included information integral to its ransomware-as-as-service ...

  • More than 12,500 vulnerabilities disclosed in first half of 2021

    August 5, 2021

    Risk Based Security has released two new reports covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the amount of vulnerabilities disclosed. The company’s data breach report found that there were 1,767 publicly reported breaches in the ...