News – November 2021


  • Lazarus hackers target researchers with trojanized IDA Pro

    November 10, 2021

    A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application. IDA Pro is an application that converts an executable into assembly language, allowing security researchers and programmers to analyze how a program works and discover ...

  • Telnyx is the latest VoIP provider hit with DDoS attacks

    November 10, 2021

    Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks, causing worldwide outages since yesterday. Telnyx is a voice over Internet Protocol (VoIP) company that provides worldwide telephony services over the Internet, including in the Americas, EMEA, APAC, and Australia regions. Read more… Source: Bleeping Computer  

  • Massive Zero-Day Hole Found in Palo Alto Security Appliances

    November 10, 2021

    UPDATE: Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects what Palo Alto clarified is an estimated 10,000 VPN/firewalls. Researchers have developed a working exploit to gain remote code execution (RCE) via a massive vulnerability in a security appliance from Palo Alto Networks (PAN), potentially leaving 10,000 vulnerable ...

  • Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access

    November 10, 2021

    A critical security bug in the Citrix Application Delivery Controller (ADC) and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate. The two affected Citrix products (formerly the NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively. The federated working specialist pushed out a security ...

  • Indian securities depository exposed 44 million investors’ personal info – twice

    November 9, 2021

    Indian infosec consultancy CyberX9 claims it twice found records of 43.9 million shareholders exposed by systems operated by Central Depository Services Limited (CDSL) – and that the depository company responded slowly to its alerts of significant vulnerabilities. CDSL bills itself as a crucial player in India’s financial markets. It serves exchanges, investors, and issuers with depository ...

  • Average ransomware payment for US victims more than $6 million, survey says

    November 9, 2021

    A new report from Mimecast has found that the US leads the way in the size of payouts following ransomware incidents. In the “State of Ransomware Readiness” study from Mimecast, researchers spoke with 742 cybersecurity professionals and found that 80% of them had been targeted with ransomware over the last two years. Of that 80%, 39% paid ...

  • Robinhood Trading Platform Data Breach Hits 7M Customers

    November 9, 2021

    Investor trading app company Robinhood Markets has confirmed a data breach that affects the personal information of about 7 million customers – roughly a third of its user base. A cyberattacker made off with emails and more, which could lead to follow-on attacks for Robinhood customers. The trading platform, which found itself in the middle of ...

  • A set of vulnerabilities in TCP/IP stacks could leave millions of connected medical devices open to attack

    November 9, 2021

    Critical vulnerabilities in millions of connected devices used in hospital networks could allow attackers to disrupt medical equipment and patient monitors, as well as Internet of Things devices that control systems and equipment throughout facilities, such as lighting and ventilation systems. The vulnerable TCP/IP stacks – communications protocols commonly used in connected devices – are also ...

  • Multiple BusyBox Security Bugs Threaten Embedded Linux Devices

    November 9, 2021

    Researchers have discovered 14 critical vulnerabilities in a popular program used in embedded Linux applications, all of which allow for denial of service (DoS) and 10 that also enable remote code execution (RCE), they said. One of the flaws also could allow devices to leak info, according to researchers from JFrog Security and Claroty Research, in ...

  • Meet Lyceum: Iranian hackers targeting telecoms, ISPs

    November 9, 2021

    Researchers have provided a deep dive into the activities of Lyceum; an Iranian threat group focused on infiltrating the networks of telecoms companies and internet service providers (ISPs). Lyceum, also known as Hexane, Siamesekitten, or Spirlin, has been active since 2017. The advanced persistent threat (APT) group has been linked to campaigns striking Middle Eastern oil ...

  • 6 Palestinian rights activists hacked by NSO spyware, report says

    November 8, 2021

    Security researchers disclosed Monday that spyware from the notorious Israeli hacker-for-hire company NSO Group was detected on the cellphones of six Palestinian human rights activists, half affiliated with groups that Israel’s defense minister controversially claimed were involved in terrorism. The revelation marks the first known instance of Palestinian activists being targeted by the military-grade Pegasus spyware. ...

  • US seizes $6 million from REvil ransomware, arrest Kaseya hacker

    November 8, 2021

    The United States Department of Justice today has announced charges against a REvil ransomware affiliate responsible for the attack against the Kaseya MSP platform on July 2nd and seizing more than $6 million from another REvil partner. The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi, arrested for cybercriminal activity on October 8 at the behest ...

  • Investor group acquires McAfee for more than $14 billion

    November 8, 2021

    An investor group has acquired cybersecurity giant McAfee Corporation for more than $14 billion. Led by Advent International Corporation, Permira Advisers, Crosspoint Capital Partners, Canada Pension Plan Investment Board, GIC Private, and a wholly-owned subsidiary of the Abu Dhabi Investment Authority, the investment group bought all outstanding shares of McAfee common stock for $26 per share ...

  • DDoS attacks in Q3 2021

    November 8, 2021

    Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources. A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victim’s IP address over TCP. To date, amplification attacks have mostly been carried out using the ...

  • REvil ransomware affiliates arrested in Romania and Kuwait

    November 8, 2021

    Romanian law enforcement authorities have arrested two suspects believed to be Sodinokibi/REvil ransomware affiliates on November 4, both of them allegedly responsible for infecting thousands of victims. DIICOT (the Romanian Directorate for Investigating Organized Crime and Terrorism) and judicial police officers carried out four home searches in Constanța, seizing mobile devices (laptops, mobile phones) and storage ...