News – May 2021


  • Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises

    May 25, 2021

    Attacks on control processes supported by operational technology (OT) are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat Intelligence has observed simpler attacks, where actors with varying levels ...

  • Russian dark web marketplace Hydra cryptocurrency transactions reached $1.37bn in 2020

    May 25, 2021

    An investigation into the Hydra marketplace has revealed surging transaction volumes and a thriving — albeit illicit — cryptocurrency ecosystem. On Tuesday, Flashpoint and Chainalysis jointly released a report into Hydra, a marketplace in the dark web. At its inception in 2015, Hydra was well-known for the sale of narcotics, but as time has gone on, the ...

  • VMware warns of critical bug affecting all vCenter Server installs

    May 25, 2021

    VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. “These updates fix a critical security vulnerability, and it needs to be considered at once,” said Bob Plankers, Technical Marketing Architect at VMware. Read more… Source: Bleeping Computer  

  • Iranian hacking group targets Israel with wiper disguised as ransomware

    May 25, 2021

    An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims’ networks for months in what looks like an extensive espionage campaign. The threat actor, tracked as Agrius by SentinelLabs researchers, has targeted Israel starting with December 2020. “Initially engaged in espionage activity, Agrius deployed a set ...

  • TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack

    May 25, 2021

    Kubernetes is the most widely adopted container orchestration platform for automating the deployment, scaling, and management of containerized applications. Unfortunately, like any widely used application, it makes for an attractive target for threat actors as they are often misconfigured, especially those running primarily in cloud environments with access to nearly infinite resources. This article will ...

  • Indonesia’s national health insurance scheme leaks at least a million citizens’ records

    May 25, 2021

    Indonesia’s government has admitted to leaks of personal data from the agency that runs its national health insurance scheme On May 20th Kominfo, Indonesia’s Ministry of Communication and Information Technology, acknowledged it was aware of a post on notorious stolen-data-mart Raidforums offering to sell a million records leaked from the Badan Penyelenggara Jaminan Sosial (BPJS), an ...

  • Russian to be deported after foiled Tesla ransomware plot

    May 24, 2021

    A Russian man was sentenced Monday to what amounted to time already served in U.S. government custody and will be deported after pleading guilty to trying to pay a Tesla employee $500,000 to install computer malware at the company’s Nevada electric battery plant in a bid to steal company secrets for ransom. Egor Igorevich Kriuchkov, appearing ...

  • North Korean hackers behind CryptoCore multi-million dollar heists

    May 24, 2021

    Security researchers piecing together evidence from multiple attacks on cryptocurrency exchanges, attributed to a threat actor they named CryptoCore have established a strong connection to the North Korean state-sponsored group Lazarus. The group is believed to have stolen hundreds of millions of U.S. dollars by breaching cryptocurrency exchanges in the U.S., Israel, Europe, and Japan over ...

  • Bluetooth flaws allow attackers to impersonate legitimate devices

    May 24, 2021

    Attackers could abuse vulnerabilities discovered in the Bluetooth Core and Mesh Profile specifications to impersonate legitimate devices during the pairing process and launch man-in-the-middle (MitM) attacks. The Bluetooth Core and Mesh Profile specifications define requirements needed by Bluetooth devices to communicate with each other and for Bluetooth devices using low energy wireless technology to enable interoperable ...

  • American Express Fined for Sending Millions of Spam Messages

    May 24, 2021

    American Express Services Europe has been fined £90,000 ($127,377) by a U.K. regulator, which found the company illegally blasted out 4 million marketing emails to customers who had opted out of receiving them. Critics said the fine, which is nominal for the multi-national financial brand, isn’t likely to do much to deter Amex, or any other ...

  • Zeppelin ransomware comes back to life with updated versions

    May 24, 2021

    The developers of Zeppelin ransomware have resumed their activity after a period of relative silence that started last Fall and started to advertise new versions of the malware. A recent variant of the malware became available on a hacker forum at the end of last month, offering cybercriminals in the ransomware business complete independence. Zeppelin ransomware is ...

  • FBI Analyst Indicted for Theft of Osama bin Laden Threat Intel

    May 24, 2021

    An FBI analyst with top-secret security clearance illegally squirreled away national-security documents related to Osama bin Laden, al-Qaeda, cybersecurity and more in her home for years, the feds say. Kendra Kingsbury, who was working in the FBI’s Kansas City Division until being put on leave in December 2017, has been indicted by a federal grand jury ...

  • Apple patches macOS flaw exploited by malware to secretly snap screenshots

    May 24, 2021

    Apple has patched a hole in macOS that has been exploited by malware to secretly take screenshots on victims’ Macs. The security flaw can also be potentially abused to access files and record video and audio from the computer. The iGiant has also released iOS and iPadOS 14.6, which fixes 43 CVE-listed security flaws and adding ...

  • Air India cyber-attack: Data of millions of customers compromised

    May 22, 2021

    India’s national airline Air India has said a cyber-attack on its data servers affected about 4.5 million customers around the world. The breach was first reported to the company in February. Details including passport and ticket information as well as credit-card data were compromised. But Air India said security details for credit cards – CVV or CVC ...

  • Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners

    May 21, 2021

    Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It’s an attack that’s more of a curiosity than anything else: it’s too difficult to pull off during an actual flight, and it’s rare these days ...

  • Florida water treatment plant was involved in second security incident before poisoning attempt: report

    May 21, 2021

    A new study from Dragos has found that a water treatment plant in Oldsmar, Florida — where hackers attempted to poison the town’s water earlier this year — was also involved in another potential breach at the same time. A browser being used on the plant’s network was traced back to a “watering hole” attack that ...

  • Phorpiex malware botnet just won’t go away

    May 21, 2021

    The Phorpiex malware botnet has lurked around the internet for years and is used to deliver ransomware, spam email and more, but now Microsoft’s security team are taking a closer look at it. The botnet has been known for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure ...

  • US insurance giant CNA Financial paid $40 million ransom to regain control of systems: report

    May 21, 2021

    One of the largest insurance companies in the United States, CNA Financial, reportedly agreed to a $40 million payment to restore access to its systems following a ransomware attack. According to Bloomberg, the $40 million payment — which is $10 million more than the highest attempted demand of $30 million in 2020, already double the highest ...

  • Apple Exec Calls Level of Mac Malware ‘Unacceptable’

    May 20, 2021

    Apple is using the growing threat of malware on its Mac platform as a defense in a lawsuit that could force the company to open up new channels of applications for its mobile iOS platform. In testimony in a California court Wednesday, Apple head of software engineering, Craig Federighi called the level of malware threat against ...

  • Open Source Vulnerabilities Converging DevOps & SecOps

    May 20, 2021

    Workplace evolution is in favor of traditional siloes being torn down and replaced with increased cross-functional collaboration, working in lockstep to deliver better outcomes. But it is not as easy as it sounds. Security and development teams have historically worked in siloes, which has created a long- standing disconnect between them. Both teams are responsible for ...