News – March 2021


  • Newest Intel Side-Channel Attack Sniffs Out Sensitive Data

    March 8, 2021

    Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords. Unlike previous side-channel attacks, this attack does not rely on sharing memory, cache sets and other former tactics. Instead it leverages a component called CPU ring interconnect contention. This component facilitates ...

  • European Banking Authority discloses Exchange server hack

    March 8, 2021

    The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. EBA is part of the European System of Financial Supervision and it oversees the integrity orderly functioning of the EU banking sector. “The Agency has swiftly launched a full investigation, in ...

  • Airlines warn passengers of data breach after aviation tech supplier is hit by cyberattack

    March 8, 2021

    Global aviation industry IT supplier SITA has confirmed it has fallen victim to a cyberattack, with hackers gaining access to personal information of airline passengers. The information technology and communications company, which claims to serve around 90% of the world’s airlines, said that a cyberattack on February 24, 2021 led to “data security incident” involving passenger ...

  • Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

    March 8, 2021

    A possible link to China has been noted by researchers examining the exploit of SolarWinds servers to deploy malware. On Monday, Secureworks’ counter threat unit (CTU) said that during late 2020, a compromised Internet-facing SolarWinds server was used as a springboard to deploy Supernova, a .NET web shell. Similar intrusions on the same network suggest that the ...

  • Unpatched QNAP devices are being hacked to mine cryptocurrency

    March 8, 2021

    Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. The threat actors exploit two pre-auth remote command execution (RCE) vulnerabilities in the Helpdesk app patched by QNAP in October 2020. Cryptomining malware discovered on NAS devices compromised during this campaign ...

  • D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

    March 5, 2021

    Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. Researchers first discovered activity from the newest variant, which they call Gafgyt_tor, on Feb. 15. In ...

  • Accellion zero-day claims a new victim in cybersecurity company Qualys

    March 4, 2021

    Qualys has revealed that a “limited” number of customers may have been impacted by a data breach connected to an Accellion zero-day vulnerability. The cloud security and compliance firm said on Wednesday that the security incident did not have any “operational impact,” but “unauthorized access” had been obtained to an Accellion FTA server used by the ...

  • New in Ransomware: AlumniLocker, Humble Feature Different Extortion Techniques

    March 4, 2021

    Trend Micro researchers recently discovered two new ransomware variants, AlumniLocker and Humble, which exhibit different sophisticated behaviors and extortion techniques post-encryption. One of these techniques includes an unusually high ransom payment and a threat to publicize victims’ critical data. These new variants prove that ransomware’s targeted and extortion-focused era is alive and well in 2021. Technical analyses AlumniLocker ...

  • Microsoft reveals GoldMax, Sibot and GoldFinder new malware strains used by SolarWinds hackers

    March 4, 2021

    Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims’ networks as second-stage payloads. The company now tracks the “sophisticated attacker” who used the Sunburst backdoor and Teardrop malware during the SolarWinds supply-chain attack as Nobelium. Security researchers with the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team found ...

  • GAO report finds DOD’s weapons programs lack clear cybersecurity guidelines

    March 4, 2021

    In a new report released Thursday, the U.S. Government Accountability Office (GAO) said the Department of Defense fails to communicate clear cybersecurity guidelines to contractors tasked with building systems for its weapons programs. As part of its so called congressional watchdog duties, the GAO found that Defense Department weapons programs are failing to consistently incorporate cybersecurity ...

  • New Sunshuttle Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

    March 4, 2021

    Mandiant Threat Intelligence discovered a new backdoor uploaded by a U.S.-based entity to a public malware repository in August 2020 that we have named SUNSHUTTLE. SUNSHUTTLE is written in GO, and reads an embedded or local configuration file, communicates with a hard-coded command and control (C2) server over HTTPS, and supports commands including remotely uploading ...

  • Threat Assessment: Active Exploitation of Four Zero-Day Vulnerabilities in Microsoft Exchange Server

    March 4, 2021

    On Mar. 2, 2021, Volexity reported in-the-wild-exploitation of four Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. As a result of these vulnerabilities being exploited, adversaries can access Microsoft Exchange Servers and allow installation of additional tools to facilitate long-term access into victims’ environments. There has also been a report of multiple threat actors leveraging ...

  • Supermicro, Pulse Secure release fixes for ‘TrickBoot’ attacks

    March 4, 2021

    Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware’s UEFI firmware-infecting module, known as TrickBoot. Last year, cybersecurity firms Advanced Intelligence and Eclypsium released a joint report about a new malicious firmware-targeting ‘TrickBoot’ module delivered by the notorious TrickBot malware. When executed, the module will analyze a ...

  • Maza Russian cybercriminal forum suffers data breach

    March 4, 2021

    The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information. On March 3, Flashpoint researchers detected the breach on Maza — once known as Mazafaka — which has been online since at least 2003. Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected ...

  • CYBERCON LONDON 2021 – Managing Fraud Risk & Cyber Security

    March 3, 2021

    PRESS RELEASE Cyber Security Review is delighted to announce a media partnership with CyberCon London 2021 – the ultimate gathering of top-level expert in the field of cyber security and financial fraud investigation, who will be joined by business leaders and C-level executives, including CIOs, CISOs, CTOs, IT managers and risk and compliance directors from businesses ...

  • Google patches actively exploited Chrome browser zero-day vulnerability

    March 3, 2021

    Google has warned of reports that a zero-day vulnerability in the Chrome browser is being actively exploited in the wild. The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an “object lifecycle issue in audio.” Google has labeled the vulnerability as a ...

  • Kerberos KDC Security Feature Bypass Vulnerability (CVE-2020-17049 AKA Bronze Bit)

    March 3, 2021

    A recent vulnerability in the Kerberos authentication protocol, CVE-2020-17049 (dubbed Bronze Bit), has been disclosed by Microsoft. The vulnerability is in the way that the Key Distribution Center (KDC) handles service tickets and validates whether delegation is allowed. In the attack, as detailed in the Palo Alto Networks Security Operations blog, “Protecting Against the Bronze Bit ...

  • Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

    March 3, 2021

    Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow (among others) inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects. Internal developer projects ...

  • Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory

    March 3, 2021

    Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at Windows’ inbuilt image parsers—specifically for vulnerabilities involving the use of uninitialized memory. The Vulnerability: Uninitialized Memory In unmanaged languages, such as C or C++, variables are not initialized ...

  • Ursnif Trojan has targeted over 100 Italian banks

    March 3, 2021

    The Ursnif Trojan has been traced back to attacks against at least 100 banks in Italy. According to Avast, the malware’s operators have a keen interest in Italian targets and attacks against these banking institutions have led to the loss of credentials and financial data. The cybersecurity firm said on Tuesday that at least 100 banks have ...