News – June 2021

  • ZDI-21-502: An Information Disclosure Bug In ISC BIND Server

    June 16, 2021

    Last year, we received a submission of a remote code execution vulnerability in the ISC BIND server. Later, that same anonymous researcher submitted a second bug in this popular DNS server. Similar to the first bug, it exists within the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) component, and its location is quite close to ...

  • Apple Hurries Patches for Safari Bugs Under Active Attack

    June 15, 2021

    Apple issued two out-of-band security fixes for its Safari web browser, fixing zero-day vulnerabilities that “may have been actively exploited,” according to a Monday security bulletin by the company. The bugs affect sixth-generation Apple iPhones, iPads and iPod touch model hardware, released between 2013 and 2018. “Apple is aware of a report that this issue may ...

  • NATO summit communiqué compares repeat cyberattacks to armed attacks

    June 15, 2021

    A communiqué issued at the conclusion of the NATO summit has called for China to observe the laws of cyberspace, and set out new standards by which members of the alliance will consider cyberattacks. The new standard refers to Article 5 of the 1949 North Atlantic Treaty, as it declares that an attack on a single ...

  • Critical remote code execution flaw in thousands of VMware vCenter servers remains unpatched

    June 15, 2021

    Researchers have warned that thousands of internet-facing VMware vCenter servers still harbor critical vulnerabilities weeks after patches were released. The vulnerabilities impact VMware vCenter Server, a centralized management utility. VMware issued patches for two critical bugs, CVE-2021-21985 and CVE-2021-21986, on May 25. Source: ZDNet

  • Paradise Ransomware source code released on a hacking forum

    June 15, 2021

    The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation. Released on the hacking forum XSS, the link to the source code is only accessible to active users on the site who have previously replied to or reacted to ...

  • Andariel evolves to target South Korea with ransomware

    June 15, 2021

    In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. While we were doing our research into these findings, Malwarebytes published a nice report with technical details about the same series of attacks, which they attributed to the Lazarus ...

  • REvil ransomware hits US nuclear weapons contractor

    June 14, 2021

    US nuclear weapons contractor Sol Oriens has suffered a cyberattack allegedly at the hands of the REvil ransomware gang, which claims to be auctioning data stolen during the attack. Sol Oriens describes itself as helping the “Department of Defense and Department of Energy Organizations, Aerospace Contractors, and Technology Firms carry out complex programs.” However, job postings first ...

  • Microsoft: SEO poisoning used to backdoor targets with malware

    June 14, 2021

    Microsoft is tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan (RAT) capable of stealing the victims’ sensitive info and backdooring their systems. The malware delivered in this campaign is SolarMarker (aka Jupyter, Polazert, and Yellow Cockatoo), a .NET RAT that runs in memory and is used by ...

  • Utilities ‘Concerningly’ at Risk from Active Exploits

    June 14, 2021

    The amount of time that utility networks spend exposed to a known application exploit has spiked over the past two months — something analysts called out as a “concerning datapoint,” and an important reminder that ransomware isn’t the only threat utility networks need to secure against. A new report from WhiteHat Security measured the amount of ...

  • G7 leaders ask Russia to hunt down ransomware gangs within its borders

    June 14, 2021

    G7 (Group of 7) leaders have asked Russia to urgently disrupt ransomware gangs believed to be operating within its borders, following a stream of attacks targeting organizations from critical sectors worldwide. The G7 member states also expressed their commitment to work together to address the escalating and immediate ransomware threat as a global challenge. Source: Bleeping ...

  • The AN0M fake secure chat app may have been too clever for its own good

    June 14, 2021

    Late last week, FBI International Operations Division legal attaché for Australia Anthony Russo added another important piece of information: speaking to Australian newspapers he said one reason for discontinuing use of AN0M was that it produced too much intelligence. “The volume was increasing at a scale and our ability to resource it and monitoring ...

  • Audi, Volkswagen data breach affects 3.3 million customers

    June 12, 2021

    Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet. Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc. Source: ...

  • UK tells UN that nation-states should retaliate against cyber badness with no warning

    June 11, 2021

    Britain has told the UN that international cyber law should allow zero-notice digital punishment directed at countries that attack others’ infrastructure. A statement made by UK diplomats to the UN’s Group of Governmental Experts on Advancing Responsible State Behaviour in the Context of International Security (UN GGE) called for international law to permit retaliation for cyber ...

  • Avaddon ransomware shuts down and releases decryption keys

    June 11, 2021

    The Avaddon ransomware gang has shut down operation and released the decryption keys for their victims to This morning, BleepingComputer received an anonymous tip pretending to be from the FBI that contained a password and a link to a password-protected ZIP file. Source: Bleeping Computer

  • McDonald’s discloses data breach after theft of customer, employee info

    June 11, 2021

    McDonald’s, the largest fast-food chain globally, has disclosed a data breach after hackers breached its systems and stole information belonging to customers and employees from the US, South Korea, and Taiwan. As the world’s global foodservice retailer, McDonald’s serves almost hundreds of millions of customers every day in more than 39,000 locations in over 100 countries, ...