News – November 2021


  • Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day

    November 12, 2021

    There has been considerable debate within the cybersecurity community about Randori, a security firm that waited one year before disclosing a critical buffer overflow bug it discovered in Palo Alto Networks’ GlobalProtect VPN. The zero-day — which has a severity rating of 9.8 and was first reported by ZDNet — allows for unauthenticated, remote code execution ...

  • Mac Zero Day Targets Apple Devices in Hong Kong

    November 12, 2021

    Since at least late August, attackers have been using flaws in macOS and iOS – including in-the-wild use of what was then a zero-day flaw – to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites. This isn’t a finely targeted campaign, but it’s a sophisticated one. The ...

  • AMD reveals an EPYC 50 flaws – 23 of them rated High severity.

    November 12, 2021

    Microsoft may have given us a mere 55 CVEs to worry about on November’s Patch Tuesday, but AMD and Intel have topped that number with fixes for their products. AMD alone dropped 50 new CVEs on Thursday, 23 of them rated of “High” concern, meaning they’re rated at between 7.0 and 8.9 on the Common Vulnerability ...

  • QAKBOT Loader Returns With New Techniques and Tools

    November 12, 2021

    QAKBOT is a prevalent information-stealing malware that was first discovered in 2007. In recent years, its detection has become a precursor to many critical and widespread ransomware attacks. It has been identified as a key “malware installation-as-a-service” botnet that enables many of today’s campaigns. Toward the end of September 2021, we noted that QAKBOT operators resumed ...

  • BotenaGo botnet targets millions of IoT devices with 33 exploits

    November 11, 2021

    The new BotenaGo malware botnet has been discovered using over thirty exploits to attack millions of routers and IoT devices. BotenaGo was written in Golang (Go), which has been exploding in popularity in recent years, with malware authors loving it for making payloads that are harder to detect and reverse engineer. In the case of BotenaGo, only ...

  • EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms

    November 11, 2021

    New research into the security posture of Europe’s top pharmaceutical giants has revealed concerning levels of vulnerabilities and weak spots in web applications. On Thursday, Outpost24 published new research that claims the top 10 pharmaceutical countries in the region are all failing to maintain a robust security posture — with 80% considered to be “critically exposed” ...

  • On the Watch for Incident Response Capabilities in the Health Sector

    November 11, 2021

    The meetings of the CSIRT Network and the CyCLONe taking place these days in Ljubljana and online, have set the stage for the publication of the new report on CSIRT capabilities for increased efficiency of incident response tools and processes of specific sectors. Health organisations such as hospitals rely today on complex critical infrastructures in order ...

  • TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments

    November 11, 2021

    In previous entries, we described how the hacking group TeamTNT targeted unsecured Redis instances, exposed Docker APIs, and vulnerable Kubernetes clusters in order to deploy cryptocurrency-mining payloads and credential stealers. TeamTNT was one of the first cybercriminal groups to focus on cloud service providers (CSPs), specifically the metadata stored on elastic computing instances being run ...

  • Magniber ransomware gang now exploits Internet Explorer flaws in attacks

    November 11, 2021

    The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices. The two Internet Explorer vulnerabilities are tracked as CVE-2021-26411 and CVE-2021-40444, with both having a CVSS v3 severity score of 8.8. The first one, CVE-2021-26411, was fixed in March 2021 and is a memory corruption flaw ...

  • Dutch newspaper accuses US spy agencies of orchestrating 2016 Booking.com breach

    November 11, 2021

    Jointly US-Dutch owned Booking.com was illegally accessed by an American attacker in 2016 – and the company failed to tell anyone when it became aware of what happened, according to explosive revelations. The alleged miscreant, named as “Andrew”, is said to have stolen “details of thousands of hotel reservations in countries in the Middle East,” according ...

  • Philippines gov takes down passport application website amid privacy leak fears

    November 11, 2021

    The Philippines’ Department of Foreign Affairs (DFA) has disabled its online passport application tracker, citing a “data privacy issue” and hinting that information could have leaked. “The DFA’s IT Unit is currently investigating the circumstances surrounding this issue and is taking appropriate measures to secure the data that may have been exposed,” states a notice on ...

  • A Peek into Top-Level Domains and Cybercrime

    November 11, 2021

    Top-level domains (TLDs), such as .com, .net, .xxx and .hu, sit at the highest level of the domain name system (DNS) naming hierarchy. When users want to acquire domain names (e.g., paloaltonetworks.com), typically, they need to register them under a TLD directly or one level lower (e.g., google.co.uk). Properties and policies of TLDs such as ...

  • New Zealand spooks say satellite snooping is obsolete – better intel is found elsewhere

    November 11, 2021

    New Zealand’s Government Communications Security Bureau (GCSB) – the nation’s signals intelligence and infosec agency – will retire its Waihopai satellite communications interception station because it’s no longer needed. “The nature of telecommunications has changed, and other needs and capabilities have overtaken the sort of satellite communication interception that has been done at Waihopai,” said Andrew ...

  • New PhoneSpy Android Spyware Poses Pegasus-Like Threat

    November 10, 2021

    Researchers discovered new Android spyware that provides similar capabilities to NSO Group’s Pegasus controversial software. Called PhoneSpy, the mobile surveillance-ware has been spotted activity targeting South Koreans without their knowledge. PhoneSpy disguises itself as a legitimate application and gives attackers complete access to data stored on a mobile device and grants full control over the targeted ...

  • Void Balaur and the Rise of the Cybermercenary Industry

    November 10, 2021

    Cybercriminals have different motivations: for example, some malicious actors have disruptive political attacks as their objective, while others might be more inclined towards cyberespionage and gathering information on their victims. Of course, financial gain remains a powerful cybercrime motivation — perhaps even the most common one. Some malicious actors, such as ransomware operators, earn directly ...