News – November 2021


  • Step Towards Foresight on Emerging Cybersecurity Challenges

    November 22, 2021

    ENISA kicks off a new area of work in line with its Strategy objective “Foresight on Emerging and Future Cybersecurity Challenges”. As a key element of ENISA’s strategy, foresight increases knowledge and understanding of emerging and future challenges, thus providing a path to find solutions that address those challenges and bolster EU resilience to cybersecurity threats. What ...

  • Data from millions of Brazilians exposed in Wi-Fi management software firm leak

    November 22, 2021

    A Brazilian Wi-Fi management software firm exposed data of various high profile companies and millions of their customers. The data was leaked by WSpot, which provides software that enables businesses to secure their on-premise Wi-Fi networks and allow password-free online access to their customers. The leak was discovered by security research firm SafetyDetectives. The researchers found WSpot’s ...

  • Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws

    November 22, 2021

    Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing email threads, researchers say. What’s still under discussion: whether the offensive is delivering SquirrelWaffle, the new email loader that showed up in September, or whether SquirrelWaffle is just one piece of malware among several ...

  • GoDaddy’s Latest Breach Affects 1.2M Customers

    November 22, 2021

    Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers. On Monday, the world’s largest domain registrar said in a public filing to the SEC that an “unauthorized third party” managed to infiltrate its systems on Sept. 6 – and that the person(s) had continued access for almost ...

  • Emotet botnet comeback orchestrated by Conti ransomware gang

    November 19, 2021

    The Emotet botnet is back by popular demand, resurrected by its former operator, who was convinced by members of the Conti ransomware gang. Security researchers at intelligence company Advanced Intelligence (AdvIntel) believe that restarting the project was driven by the void Emotet itself left behind on the high-quality initial access market after law enforcement took it ...

  • Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure

    November 19, 2021

    Security researchers have checked the web’s public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities. Certificate Authorities, or CAs, vouch for the digital certificates we use to establish trust online. You can be reasonably confident that your bank website is actually your bank website when it presents your browser ...

  • RedCurl corporate espionage hackers resume attacks with updated tools

    November 18, 2021

    A crew of highly-skilled hackers specialized in corporate espionage has resumed activity, one of their victims this year being a large wholesale company in Russia. Tracked as RedCurl, the group attacked the Russian business twice this year, each time using carefully constructed spear-phishing emails with initial-stage malware. Active since 2018, RedCurl is responsible for at least 30 ...

  • Iranian targeting of IT sector on the rise

    November 18, 2021

    Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain. Microsoft has observed multiple Iranian threat actors targeting the IT ...

  • Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials

    November 18, 2021

    A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found. Researchers from DomainTools discovered the suspicious PDFs – which themselves do not include malicious content – back in July, wrote Senior Security Researcher Chad Anderson, in a report ...

  • Android malware BrazKing returns as a stealthier banking trojan

    November 18, 2021

    The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions. A new malware sample was analyzed by IBM Trusteer researchers who found it outside the Play Store, on sites where people end up after receiving smishing (SMS) messages. These HTTPS sites warn ...

  • North Korean cyberspies target govt officials with custom malware

    November 18, 2021

    A state-sponsored North Korean threat actor tracked as TA406 was recently observed deploying custom info-stealing malware in espionage campaigns. The particular actor is attributed as one of several groups known as Kimsuky (aka Thallium). TA406 has left traces of low-volume activity since 2018, primarily focusing on espionage, money-grabbing scams, and extortion. However, in March and June 2021, ...

  • UK and US join forces to strike back in cyber-space

    November 18, 2021

    The US and UK are joining forces to “impose consequences” on their shared adversaries who conduct malicious cyber-activities. The combined action would address “evolving threats with a full range of capabilities”, they said. The shared adversaries were not named but the announcement follows increasing concern over Russia-based ransomware. Read more… Source: BBC News  

  • Hackers deploy Linux malware, web skimmer on e-commerce servers

    November 18, 2021

    Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops’ websites. The PHP-coded web skimmer (a script designed to steal and exfiltrate customers’ payment and personal info) is added and camouflaged as a .JPG image file in the /app/design/frontend/ folder. The attackers use ...

  • FBI: An APT Group Exploiting a 0-day in FatPipe WARP, MPVPN, and IPVPN Software

    November 17, 2021

    As of November 2021, FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN® device software1 going back to at least May 2021. The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and ...

  • Evil Corp: ‘My hunt for the world’s most wanted hackers’

    November 17, 2021

    Many of the people on the FBI’s cyber most wanted list are Russian. While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they’d be arrested – but at home they appear to be given free rein. “We’re ...