News – March 2021


  • Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service

    March 31, 2021

    Microsoft introduced the Background Intelligent Transfer Service (BITS) with Windows XP to simplify and coordinate downloading and uploading large files. Applications and system components, most notably Windows Update, use BITS to deliver operating system and application updates so they can be downloaded with minimal user disruption. Applications interact with the Background Intelligent Transfer Service by creating ...

  • Google: North Korean hackers target security researchers again

    March 31, 2021

    Google’s Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts. The hackers also created a website for a fake company named SecuriElite (located in Turkey) and supposedly offering offensive security services as the Google security team focused on hunting down state-backed ...

  • 800Gbps DDoS extortion attack hits gambling company

    March 31, 2021

    Distributed denial-of-service (DDoS) attacks started strong this year, setting new records and taking the extortion trend that started last August to the next level. Internet security services company Akamai has already dealt with the largest known ransom DDoS (RDDoS) attack, which was also more complex than previously seen incidents of the same type. Bigger, more complex RDDoS Akamai ...

  • Financial Cyberthreats in 2020

    March 31, 2021

    2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. While we were adjusting to remote work and the rest of the new conditions, so were scammers. As a result, 2020 was extremely eventful in terms of ...

  • New Advancements in 5G, Autonomous Vehicles to Drive Market Growth

    March 31, 2021

    Various giants in the 5G and connected car industries have recently announced new technological advancements that could drive further growth in the autonomous vehicle market. Sony, NTT DOCOMO, Hyundai, Singtel, and Ford just unveiled their latest ventures that could lead to better technologies- a move that can improve connected cars of the future. The Sony Corporation partnered ...

  • APT Charming Kitten Pounces on Medical Researchers

    March 31, 2021

    Security researchers have linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten. The campaign—dubbed BadBlood because of its medical focus and the history of tensions between Iran and Israel–aimed ...

  • VMware patches critical vRealize Operations platform vulnerabilities

    March 31, 2021

    VMware has patched a pair of severe vulnerabilities that could lead to the theft of administrator credentials in vRealize. vRealize Operations is described as an artificial intelligence (AI)-based platform that provides “self-driving IT operations management for private, hybrid, and multi-cloud environments.” On Tuesday, the software vendor published a security advisory for the security flaws which impact VMware ...

  • APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

    March 30, 2021

    In 2019, we observed an APT campaign targeting multiple industries, including the Japanese manufacturing industry and its overseas operations, that was designed to steal information. We named the campaign A41APT (not APT41) which is derived from the host name “DESKTOP-A41UVJV” from the attacker’s system used in the initial infection. The actor leveraged vulnerabilities in Pulse ...

  • Department of Homeland Security email accounts exposed in SolarWinds hack

    March 30, 2021

    Email accounts belonging to US Department of Homeland Security (DHS) officials may have been compromised during the SolarWinds attack by Russian threat actors. The Associated Press reports that unauthorized intrusions occurred during the SolarWinds supply-chain attack. SolarWinds, the central point of entry, was compromised by threat actors in December who were able to plant a malicious Orion ...

  • New survey report released: The state of industrial cybersecurity (Part 1)

    March 29, 2021

    The cybersecurity has been the word not only in IT world, but also in ICS/OT world. The Stuxnet targeting SCADA systems were uncovered as first ICS malware to damage nuclear plants in 2010. The Wannacry became worldwide famous ransom worm which spread on hundreds of thousands of vulnerable computers and encrypt their data in 2017. ...

  • PHP Infiltrated with Backdoor Malware

    March 29, 2021

    The PHP project on Sunday announced that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. They were discovered before they went into production. PHP is a widely used open-source scripting language often used for web development. It can be embedded into HTML. The commits were pushed ...

  • Harris Federation hit by ransomware attack affecting 50 schools

    March 29, 2021

    The IT systems and email servers of London-based nonprofit multi-academy trust Harris Federation were taken down by a ransomware attack on Saturday. Harris Federation is an education charity running 50 Harris primary and secondary academies with 37,000 students from London and surrounding areas. The attack hit the school trust’s systems over the weekend on Saturday, March 27, ...

  • Hades Ransomware Gang Exhibits Connections to Hafnium

    March 29, 2021

    The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers – including potentially having more than extortion on the to-do list. The group appears to use multiple nation-state tools and techniques. The researchers said that its investigations into the group’s cyberattacks at the end of ...

  • Newly-Discovered Vulnerabilities Could Allow for Bypass of Spectre Mitigations in Linux

    March 29, 2021

    Two new vulnerabilities have been patched in the Linux kernel which, if exploited, could bypass existing mitigations for the Spectre vulnerabilities. The vulnerabilities were discovered by Piotr Krysiuk, a researcher on Symantec’s Threat Hunter team, who reported them to the Linux kernel security team. If left unpatched, the vulnerabilities mean that existing Spectre protections will ...

  • Ransomware admin is refunding victims their ransom payments

    March 28, 2021

    After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back. It appears that this is a planned move since the admin shared the “good news” a little over a week ago, but gave no details. Shutdown followed by money-back move Ziggy ransomware shut down ...

  • Critical netmask networking bug impacts thousands of applications

    March 28, 2021

    Popular npm library netmask has a critical networking vulnerability. Netmask is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads over its lifetime. Further, about 278,000 GitHub repositories depend ...

  • Australia cyber attacks hit television channel and parliament

    March 28, 2021

    A cyber attack has disrupted Channel Nine’s live broadcasts from Sydney, the TV company has confirmed, at the same time as an attack led to Parliament House’s email system being taken offline. As a result of the attack, the channel’s Sunday morning news programme, Weekend Today, was not aired, nor was its 5pm news show, although ...

  • Apple releases emergency update for iPhones, iPads, and Apple Watch

    March 27, 2021

    Apple has released an emergency update to patch a serious vulnerability (https://support.apple.com/en-us/HT212258) found in iOS, iPadOS, and watchOS. The patches are iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3, respectively. The vulnerability, discovered by Google’s Threat Analysis Group, affects Apple’s WebKit browser engine, and what makes this an urgent update is the fact that the Apple claims that ...

  • The security dilemma of smart factories [Part 1] Specificity of the programming languages used to move industrial robots

    March 26, 2021

    Industrial robots are the core of the automation of manufacturing processes in smart factories, and are the most important components as they support the manufacture of all kinds of products such as automobiles, aircraft, processed foods, and pharmaceuticals. In addition, as equipment that realizes unmanned manufacturing in the post-COVID-19 world where minimal or no contact ...

  • Alleged Members of Egregor Ransomware Cartel Arrested

    March 26, 2021

    hree alleged members of the Egregor ransomware cartel were apprehended in Ukraine in a crackdown conducted by the French and Ukrainian authorities last month. The arrests were also made possible with the help of private-public sector partnerships, which include Trend Micro. About Egregor ransomware Since its first appearance in September 2020, Egregor ransomware has been involved in ...