News – November 2021


  • Discovering the Exploitable Security Gaps in Remote Work Spaces

    November 8, 2021

    Working and living areas are getting smarter every year as owners adopt new technology and continuously upgrade old devices to fit into modernized spaces. This has enabled many professionals to work or run their business virtually from home. International conferences can be conducted from home office spaces, major projects can be managed and modified online, ...

  • Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

    November 7, 2021

    On Sept. 16, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in a self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. The alert explained that malicious actors were observed deploying a specific webshell and ...

  • INTERPOL-led operation takes down prolific cybercrime ring

    November 5, 2021

    SEOUL, Korea – A 30-month transcontinental investigation and operation has resulted in arrests and Red Notices for suspects believed to be behind a global malware crime network. Two Red Notices, which are internationally wanted persons alerts, have been circulated to INTERPOL’s 194 member countries following a request by Korea’s cybercrime investigation division via INTERPOL’s National Central ...

  • Cloudflare report highlights devastating DDoS attacks on VoIP services and several ‘record-setting HTTP attacks’

    November 5, 2021

    Cloudflare released its Q3 DDoS Attack Trends report this week, capping a record-setting quarter that saw a number of devastating attacks on VoIP services. Cloudflare researchers said they saw the several “record-setting HTTP DDoS attacks, terabit-strong network-layer attacks and one of the largest botnets ever deployed (Meris),” noting the emergence of ransom DDoS attacks on voice ...

  • BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities

    November 4, 2021

    On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary ...

  • Ukraine links members of Gamaredon hacker group to Russian FSB

    November 4, 2021

    SSU and the Ukrainian secret service say they have identified five members of the Gamaredon hacking group, a Russian state-sponsored operation known for targeting Ukraine since 2014. This Gamaredon hacking group, tracked as Armageddon by the SSU, is allegedly operated under the FSB (Russian Federal Security Service) and is believed to be responsible for over 5,000 ...

  • Remote code execution flaw patched in Linux Kernel TIPC module

    November 4, 2021

    A code execution vulnerability has been patched in the TIPC module of the Linux Kernel. The Transparent Inter Process Communication (TIPC) module has been designed to facilitate intra-cluster communication across Ethernet or UDP connections and is capable of service addressing, tracking, managing communication between nodes, and more. This protocol is implemented in a kernel module package with ...

  • Lockean multi-RaaS affiliate linked to attacks against French businesses

    November 4, 2021

    Details about the tools and tactics used by a ransomware affiliate group, now tracked as Lockean, have emerged today in a report from France’s Computer Emergency Response Team (CERT). Over the past year and a half, the threat actor has compromised the networks of at least eight French companies, stealing data and deploying malware from multiple ...

  • CISA Binding Operational Directive 22-01 – Reducing the Significant Risk of Known Exploited Vulnerabilities

    November 3, 2021

    A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems. Section 3553(b)(2) of title 44, U.S. Code, authorizes the Secretary of the Department of Homeland Security (DHS) to develop and oversee the implementation of binding operational directives. Federal agencies are required to comply ...

  • Mobile phishing attacks targeting energy sector surge by 161%

    November 3, 2021

    Mobile phishing attacks targeting employees in the energy industry have risen by 161% compared to last year’s (H2 2020) data, and the trend is showing no signs of slowing down. Although the perils of outdated and vulnerable devices plague all sectors, a new report by cybersecurity firm Lookout indicates that energy is the most targeted, followed ...

  • BlackMatter ransomware gang says it’s disbanding – again – after Ukraine arrests

    November 3, 2021

    A member of the BlackMatter (aka Darkside) ransomware gang has publicly claimed the extortionists are shutting down, causing much excitement within the infosec world. A Russian-language message reportedly posted on a forum used by ransomware criminals is said to have announced BlackMatter’s second disappearance of 2021, the gang previously pulling a disappearing act under their former ...

  • US sanctions NSO Group, Israeli spyware company at centre of Pegasus Papers

    November 3, 2021

    The US is sanctioning an Israeli spyware company that it accused of supplying technology to foreign governments “to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers”. NSO Group had been accused of assisting despotic regimes in targeting journalists, political dissidents, and human rights activists in reports earlier this year. The company responded at the ...

  • ‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks

    November 3, 2021

    A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in a Wednesday report that they spotted the malicious campaign a few weeks ago, on Oct. 12. Tortilla, ...

  • Database firm Clearview AI told to remove photos taken in Australia

    November 3, 2021

    A firm which claims to have a database of more than 10 billion facial images has breached Australia’s privacy laws, Australian regulators say. Clearview AI lets law enforcement agencies search its database of faces. But the Office of the Australian Information Commissioner (OAIC) ordered it to stop collecting photos taken in Australia and remove ones already in ...

  • Arrests were made, but the Mekotio Trojan lives on

    November 3, 2021

    Despite the arrest of individuals connected with the spread of the Mekotio banking Trojan, the malware continues to be used in new attacks. On Wednesday, Check Point Research (CPR) published an analysis on Mekotio, a modular banking Remote Access Trojan (RAT) that targets victims in Brazil, Chile, Mexico, Spain, and Peru — and is now back ...