News – November 2021


  • Iranian Government-Sponsored APT Cyber Actors Exploiting MS Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

    November 17, 2021

    This joint cybersecurity advisory is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) to highlight ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, ...

  • An Investigation Into SS7 Exploitation Services On The Dark Web

    November 17, 2021

    In this latest investigative article SOS intelligence researchers will be taking a look at alleged SS7 exploitation services on the Dark Web and diving into their credibility using SOS Intelligence analytics toolkit. SS7 Significance & Background Signalling System 7 is a telecommunications protocol adopted internationally that defines how the network elements in a public switched telephone network ...

  • Russian ransomware gangs start collaborating with Chinese hackers

    November 17, 2021

    There’s some unusual activity brewing on Russian-speaking cybercrime forums, where hackers appear to be reaching out to Chinese counterparts for collaboration. These attempts to enlist Chinese threat actors are mainly seen on the RAMP hacking forum, which is encouraging Mandarin-speaking actors to participate in conversations, share tips, and collaborate on attacks. According to a new report by ...

  • Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

    November 16, 2021

    Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state actor activity during a session titled “The Iranian evolution: Observed changes ...

  • Ransomware gangs are now rich enough to buy zero-day flaws

    November 16, 2021

    Cyber criminals are becoming more advanced as they continue to find new ways to deliver attacks, and some are now willing to buy zero-day vulnerabilities, something more traditionally associated with nation-states. Knowledge about vulnerabilities and exploits can command a high price on underground forums, because being able to take advantage of them can be very profitable ...

  • The US government just launched a big push to fill cybersecurity jobs, with salaries to match

    November 16, 2021

    The US Department of Homeland Security, a key cybersecurity agency, has just announced a new system that will help it recruit, develop and retrain cybersecurity pros in the federal government. The DHS’s new recruitment system, dubbed the Cybersecurity Talent Management System (CTMS), launches amid a tight labor market for cybersecurity professionals who are in extremely high ...

  • FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment

    November 16, 2021

    Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out to thousands of people from the FBI’s own email system on Friday night, has fingered the guy who allegedly pulled off the exploit. Troia – white hat threat hunter, cybercrime investigator and founder of security firms Night Lion Security and its rebranded version, Shadowbyte ...

  • Emotet, once the world’s most dangerous malware, is back

    November 16, 2021

    Emotet, once described as “the world’s most dangerous malware” before being taken down by a major international police operation, is apparently back – and being installed on Windows systems infected with TrickBot malware. Emotet malware provided its controllers with a backdoor into compromised machines, which could be leased out to other groups, including ransomware gangs, to ...

  • 200M Adult Cam Model, User Records Exposed in Stripchat Breach

    November 16, 2021

    A database containing the highly sensitive information on both users and models on the popular adult cam site StripChat were discovered online, left completely unprotected. The data exposure puts models and users at risk of extortion, violence and more. Stripchat is a popular site founded in 2016 and based in Cyprus that sells live access to ...

  • MosesStaff attacks organizations with encryption malware: No payment demand made

    November 16, 2021

    The MosesStaff hacking group has entered the ‘ransomware’ fray with a difference: blackmail payments are furthest from their minds. On November 15, Check Point Research (CPR) said the group began targeting organizations in Israel during September this year, joining campaigns launched by Pay2Key and BlackShadow. The focus of these operations was to deploy ransomware on their victim’s ...

  • New Rowhammer technique bypasses existing DDR4 memory defenses

    November 15, 2021

    Researchers have developed a new fuzzing-based technique called ‘Blacksmith’ that revives Rowhammer vulnerability attacks against modern DRAM devices that bypasses existing mitigations. The emergence of this new Blacksmith method demonstrates that today’s DDR4 modules are vulnerable to exploitation, allowing a variety of attacks to be conducted. Rowhammer is a security exploit that relies on the leaking of ...

  • High-Severity Intel Processor Bug Exposes Encryption Keys

    November 15, 2021

    A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content. That’s according to Positive Technologies (PT), which found that the vulnerability (CVE-2021-0146) is a debugging functionality with excessive privileges, which is not protected as it should be. The high-severity privilege-escalation issue is ...

  • Cyprus: Surveillance firm pays $1 million fine after ‘spy van’ scandal

    November 13, 2021

    The Office of the Commissioner for Personal Data Protection in Cyprus has collected a $1 million fine from intelligence company WiSpear for gathering mobile data from various individuals arriving at the airport in Larnaca. While this is just an administrative fine under the European Union’s General Data Protection Regulation (GDPR), it is related to a scandal ...

  • Hackers compromise FBI email system, send thousands of messages

    November 13, 2021

    Hackers compromised a Federal Bureau of Investigation email system on Saturday and sent tens of thousands of messages warning of a possible cyberattack, according to the agency and security specialists. Fake emails appeared to come from a legitimate FBI email address ending in @ic.fbi.gov, the FBI said in a statement. Although the hardware impacted by the incident ...

  • Fake end-to-end encrypted chat app distributes Android spyware

    November 13, 2021

    The GravityRAT remote access trojan is being distributed in the wild again, this time under the guise of an end-to-end encrypted chat application called SoSafe Chat. This particular RAT (remote access trojan) targets predominately Indian users, being distributed by Pakistani actors. The telemetry data on the most recent campaign shows that the targeting scope hasn’t changed, and ...