News – May 2021


  • FBI: Conti Ransomware Attacks Impact Healthcare and First Responder Networks

    May 20, 2021

    The FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year. These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S. ...

  • Microsoft: Massive malware campaign delivers fake ransomware

    May 20, 2021

    A massive malware campaign pushed the Java-based STRRAT remote access trojan (RAT), known for its data theft capabilities and the ability to fake ransomware attacks. In a series of tweets, the Microsoft Security Intelligence team outlined how this “massive email campaign” spread the fake ransomware payloads using compromised email accounts. Read more… Source: Bleeping Computer  

  • Conti ransomware gives HSE Ireland free decryptor, still selling data

    May 20, 2021

    The Conti ransomware gang has released a free decryptor for Ireland’s health service, the HSE, but warns that they will still sell or release the stolen data. Ireland’s HSE, the country’s publicly funded healthcare system, and the Department of Health were attacked by the Conti ransomware gang last Friday. Read more… Source:  Bleeping Computer  

  • Healthcare organizations in Ireland, New Zealand and Canada facing intrusions and ransomware attacks

    May 20, 2021

    Three healthcare institutions in Canada, Ireland and New Zealand are in the midst of security incidents this week, highlighting the perilous cybersecurity landscape within some of the world’s most important organizations. Ireland’s Department of Health was attacked twice in the last week, eventually shutting down their entire IT system after a ransomware attack last Thursday. The ...

  • Android apps exposed data of millions of users through cloud authentication failures

    May 20, 2021

    Researchers analyzing Android apps have discovered serious cloud misconfigurations leading to the potential exposure of data belonging to over 100 million users. In a report published on Thursday by Check Point Research, the cybersecurity firm said no less than 23 popular mobile apps contained a variety of “misconfigurations of third party cloud services.” Cloud services are widely ...

  • BazarCall: Call Centers Help Spread BazarLoader Malware

    May 19, 2021

    BazarLoader (sometimes referred to as BazaLoader) is malware that provides backdoor access to an infected Windows host. After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network. The threat actor behind BazarLoader uses different methods to distribute this malware to potential ...

  • Hackers scan for vulnerable devices minutes after bug disclosure

    May 19, 2021

    Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. The adversaries’ efforts increase significantly when critical vulnerabilities emerge, with new internet-wide scans happening within minutes from the disclosure. Read more… Source: Bleeping Computer  

  • Qlocker ransomware shuts down after extorting hundreds of QNAP users

    May 19, 2021

    The Qlocker ransomware gang has shut down their operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices. Starting on April 19th, QNAP NAS device owners worldwide suddenly discovered that their device’s files were replaced by password-protected 7-zip archives. Read more… Source:  Bleeping Computer  

  • Windows PoC Exploit Released for Wormable RCE

    May 19, 2021

    A researcher has released a proof-of-concept (PoC) exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack (http.sys) that could lead to wormable remote code execution (RCE). Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch Tuesday update. This was the most severe bug in that batch: an http.sys ...

  • May Android security updates patch 4 zero-days exploited in the wild

    May 19, 2021

    According to info provided by Google’s Project Zero team, four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched earlier this month. Attacks attempting to exploit these flaws were targeted and impacted a limited number of users based on information shared after this month’s Android security updates were published. Read more… Source: Bleeping ...

  • How Myanmar’s military moved in on the telecoms sector to spy on citizens

    May 19, 2021

    In the months before the Myanmar military’s Feb. 1 coup, the country’s telecom and internet service providers were ordered to install intercept spyware that would allow the army to eavesdrop on the communications of citizens, sources with direct knowledge of the plan told Reuters. The technology gives the military the power to listen in on calls, ...

  • Legislation to secure critical systems against cyberattacks moves forward in the House

    May 18, 2021

    Multiple bills meant to secure critical infrastructure against cyber threats were approved by the House Homeland Security Committee on Tuesday afternoon, just a week after a ransomware attack on the Colonial Pipeline caused fuel shortages across the nation. The committee unanimously approved the Pipeline Security Act, introduced last week by Rep. Emanuel Cleaver (D-Mo.) and a ...

  • Stalkerware Apps Riddled with Security Bugs

    May 18, 2021

    Android stalkerware apps – used to surreptitiously track people’s movements and digital activities – turn out to themselves be rife with security holes that put victims in even danger. Stalkerware can track the GPS location of a victim’s device, record conversations, capture images and snoop on browser histories. And overall, according to ESET researcher Lukas Stefanko, ...

  • Ireland: ‘Wizard Spider’ cybercrime gang claim Health Service Executive attack

    May 18, 2021

    Hackers known as Wizard Spider are spinning a web of chaos since it launched a ransomware attack on the Health Service Executive last week. The Russian hackers have claimed responsibility for the most serious ever cyberattack on Ireland’s critical infrastructure. The group, who are seeking ransom of up to €20 million in cryptocurrency, are not motivated by ...

  • UK government seeks advice on defending against supply-chain cyberattacks

    May 17, 2021

    Today, the UK government has announced a call for advice on defending against software supply-chain attacks and ways to strengthen IT Managed Service Providers (MSPs) across the country. The move comes after last week when President Biden had issued an executive order to increase cybersecurity defenses across the U.S. The government’s invitation to provide feedback that will ...

  • DarkSide Hits Toshiba; XSS Forum Bans Ransomware

    May 17, 2021

    For a ransomware gang whose servers were purportedly commandeered last week, DarkSide has had a server-fueled weekend, with a reported hit on Toshiba Business. Late on Thursday night came a post to the “Exploit” underground forum that looked, at least, to be from DarkSide. It described how the gang’s blog, payment processing and denial-of-service (DoS) servers ...

  • ‘We won’t pay ransom,’ says Ireland after attack on health service

    May 17, 2021

    Ireland’s Health Service Executive (HSE) has ruled out giving in to hackers’ demands as the country’s healthcare and social services continue to deal with the disruption caused by a significant ransomware attack that occurred a few days ago. The HSE has now confirmed that a ransom has been sought by the attackers, although the exact amount ...

  • Bizarro banking Trojan expands its attacks to Europe

    May 17, 2021

    Bizarro is yet another banking Trojan family originating from Brazil that is now found in other regions of the world. We have seen users being targeted in Spain, Portugal, France and Italy. Attempts have now been made to steal credentials from customers of 70 banks from different European and South American countries. Following in the ...

  • Insurer AXA hit by ransomware after dropping support for ransom payments

    May 16, 2021

    Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. As seen by BleepingComputer yesterday, the Avaddon ransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from AXA’s Asian operations. Read more… Source: Bleeping Computer  

  • Russian-language cybercriminal forum ‘XSS’ bans DarkSide and other ransomware groups

    May 14, 2021

    Cybersecurity researchers with Flashpoint, Digital Shadows’ Photon Research Team and other firms have confirmed that XSS, a popular cybercriminal forum, has outright banned ransomware sales, ransomware rental, and ransomware affiliate programs on their platform, according to a announcement released in Russian. The move comes after global scrutiny of ransomware groups increased following a damaging attack on ...