News – October 2021


  • Google launches Android Enterprise bug bounty program

    October 21, 2021

    Google has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000. This builds on the introduction of several enhancements with Android 12 to boost the platform’s overall security. Security enhancements included with the latest Android version range from toggling off USB signaling on enterprise devices to block USB-based ...

  • Russian-speaking cybercrime evolution: What changed from 2016 to 2021

    October 20, 2021

    Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that ...

  • US Commerce Department’s Bureau of Industry and Security Tightens Export Controls on Items Used in Surveillance and other Malicious Cyber Activities

    October 20, 2021

    The Commerce Department’s Bureau of Industry and Security (BIS) has released an interim final rule, establishing controls on the export, reexport, or transfer (in-country) of certain items that can be used for malicious cyber activities. The rule also creates a new License Exception Authorized Cybersecurity Exports (ACE) and requests public comments on the projected impact ...

  • NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to ‘Let’s talk cyber’ event

    October 20, 2021

    NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages. The first email sent yesterday morning thanked participants for “registering for NHS Digital’s Full Digital Breakfast: Let’s talk ...

  • CISA Awards $2 Million To Bring Cybersecurity Training To Rural Communities And Diverse Populations

    October 20, 2021

    WASHINGTON – As part of its mission to recruit diverse cybersecurity talent and build the workforce of the future, the Cybersecurity and Infrastructure Security Agency (CISA) has awarded $2 million to two innovative organizations for development of cyber workforce training programs. The NPower and CyberWarrior organizations, which received the awards, will focus on the unemployed ...

  • New espionage campaign targets South East Asia

    October 20, 2021

    An espionage campaign using a previously undocumented toolset has targeted a range of organizations in South East Asia. Among the identified targets are organizations in the defense, healthcare, and information and communications technology (ICT) sectors. The campaign appears to have begun in September 2020 and ran at least until May 2021. The toolset used by the ...

  • TA505 Gang Is Back With Newly Polished FlawedGrace RAT

    October 19, 2021

    The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what were initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherrod DeGrippo, vice president, Threat Research ...

  • REvil ransomware operators claim group is ending activity again, victim leak blog now offline

    October 19, 2021

    Cybercriminals claiming to be part of the REvil ransomware group have alleged that the gang is closing shop after losing control of vital infrastructure and having internal disputes. Recorded Future security expert Dmitry Smilyanets shared multiple messages on Twitter from ‘0_neday’ — a known REvil operator — discussing what happened on the cybercriminal forum XSS. He ...

  • LightBasin hacking group breaches 13 global telecoms in two years

    October 19, 2021

    A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years. Since 2019, the group has hacked into more than a dozen telecommunication companies and maintained persistence through custom malware, to steal data that would serve intelligence organizations. LightBasin has been active since at least 2016 and ...

  • PurpleFox Adds New Backdoor That Uses WebSockets

    October 19, 2021

    In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability (CVE-2021-1732) and optimized rootkit capabilities leveraged in their attacks. We also found a new backdoor written in .NET implanted during the intrusion, ...

  • Trickbot module descriptions

    October 19, 2021

    Trickbot (aka TrickLoader or Trickster) is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Trickbot was first discovered in October 2016. Just like Dyre, its main functionality was initially the theft of online banking data. However, over time, its ...

  • Joint CISA, FBI and NSA Cybersecurity Advisory – BlackMatter Ransomware

    October 18, 2021

    This joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware. Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations. This advisory provides information ...

  • Sinclair Confirms Ransomware Attack That Disrupted TV Stations

    October 18, 2021

    Sinclair Broadcast Group, which owns hundreds of local television stations across the U.S., confirmed Monday that it has suffered a ransomware attack. The incident is disrupting its advertising operations, among other things, and spread to many of its owned TV affiliates over the weekend, knocking local broadcast feeds off the air. The cyberattack disrupted the company’s ...

  • BlackByte ransomware decryptor released

    October 18, 2021

    A new form of malware found in a recent IT incident appears to have been inspired by other strains known to reap their operators huge financial rewards — but is likely the work of amateurs. Dubbed BlackByte and discovered by Trustwave, the Windows-based ransomware is considered “odd” due to some of the design and function decisions ...

  • Twitter Suspends Accounts Used to Snare Security Researchers

    October 18, 2021

    Twitter has shuttered two accounts – @lagal1990 and @shiftrows13 – specifically used to trick security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. The campaign was first discovered by the Google Threat Analysis Group (TAG) in January and is ongoing. On Friday, Google TAG analyst Adam Weidermann confirmed that Twitter suspended the ...