News – September 2021


  • FinSpy: unseen findings

    September 28, 2021

    FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset. Kaspersky has been tracking deployments of this spyware since 2011. Historically, its Windows implant was distributed through a single-stage installer. This version was detected and researched several times up to 2018. Since that year, we observed a decreasing detection rate of FinSpy for ...

  • Fake Installers Drop Malware and Open Doors for Opportunistic Attackers

    September 27, 2021

    It is widely known that with regard to cybersecurity, a user is often identified as the weakest link. This means that they become typical entry vectors for attacks and common social-engineering targets for hackers. Enterprises can also suffer from these individual weak links. Employees are sometimes unaware of online threats, or are unfamiliar with cybersecurity ...

  • BloodyStealer and gaming assets for sale

    September 27, 2021

    Earlier this year, Kaspersky researchers covered the threats related to gaming, and looked at the changes from 2020 and the first half of 2021 in mobile and PC games as well as various phishing schemes that capitalize on video games. Many of the threats faced by gamers are associated with loss of personal data, and ...

  • Secure those Macs: Apple must step up and support older machines

    September 27, 2021

    I have long advocated keeping machines up to date. When machines become too old to update, I’ve bitten the bullet and dumped them, even if they were still fully functional. With all the malware and ransomware, not to mention simple flaws that could cause a system to crash, it’s become necessary to keep machines up to ...

  • IoT and Zero Trust Are Incompatible? Just the Opposite

    September 27, 2021

    IoT is a big security headache for a lot of reasons. By its very nature, these devices are untrusted. They usually can’t have a security agent installed on them, they are typically designed with little thought to security, and their presence on a network can be difficult to detect as they often don’t look like ...

  • United Health Centers ransomware attack claimed by Vice Society

    September 24, 2021

    California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft. United Health Centers is a health care provider in California with twenty-one community health centers servicing Fresno, Kings, and Tulare counties. On August 31st, BleepingComputer was told by a source in the cybersecurity industry that United ...

  • Zloader malware is being spread through malicious Google ads

    September 24, 2021

The malware is a key part of the cybercrime industry and recently popped up on the radar of Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA). CISA yesterday warned that ZLoader was being used to distribute the Conti ransomware service, which pays ransomware distributors a wage rather than a commission for new infections. ...

  • TangleBot Malware Reaches Deep into Android Device Functions

    September 24, 2021

    An Android malware called TangleBot has woven its way onto the cyber-scene: one that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. According to Cloudmark researchers, the newly discovered mobile malware is spreading via SMS messaging in the U.S. and Canada, using lures about COVID-19 ...

  • Apple Patches 3 More Zero-Days Under Active Attack

    September 24, 2021

    Apple has patched three actively exploited zero-day security vulnerabilities in updates to iOS and macOS, one of which can allow an attacker to execute arbitrary code with kernel privileges. Apple released two updates on Thursday: iOS 12.5.5, which patches three zero-days that affect older versions of iPhone and iPod devices, and Security Update 2021-006 Catalina for ...

  • New advanced hacking group targets governments, engineers worldwide

    September 23, 2021

    A new hacking group targeting entities worldwide to spy on them has been unmasked by researchers. Dubbed FamousSparrow by ESET, on Thursday, the team said that the advanced persistent threat (APT) group — many of whom are state-sponsored — is a new entry to the cyberespionage space. Believed to have been active since at least 2019, the ...

  • Hackers are scanning for VMware CVE-2021-22005 targets, patch now!

    September 22, 2021

    Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. The security flaw tracked as CVE-2021-22005 impacts all vCenter Server 6.7 and 7.0 deployments with default configurations. The flaw was reported by George Noseevich and Sergey Gerasimov of SolidLab LLC, ...

  • How REvil May Have Ripped Off Its Own Affiliates

    September 22, 2021

    There’s no honor between thieves, but this is beyond rude: Malware specialists have found evidence of how REvil’s leadership may have screwed their own affiliates out of their cut of ransomware payouts. Malware specialists researching newly available samples from REvil – aka Sodinokibi, a once-major, now sort-of reborn ransomware-as-a-service (RaaS) player – have identified a backdoor ...

  • Unpatched Apple Zero-Day in macOS Finder Allows Code Execution

    September 22, 2021

    A zero-day security vulnerability in Apple’s macOS Finder system could allow remote attackers to trick users into running arbitrary commands, according to researchers – and a silent patch hasn’t fixed it. For those not in the Apple camp, the macOS Finder is the default file manager and GUI front-end used on all Macintosh operating systems. It’s ...

  • CISA, FBI, and NSA Release Conti Ransomware Advisory To Help Organizations Reduce Risk Of Attack

    September 22, 2021

    WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory today regarding increased Conti ransomware cyberattacks. The advisory includes technical details on the threat and mitigation steps that public and private sector organizations can take to reduce their risk to this ransomware. CISA ...

  • Phishing-as-a-service operation uses double theft to boost profits

    September 22, 2021

    Microsoft says BulletProofLink, a large-scale phishing-as-a-service (PhaaS) operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately. The threat actor behind BulletProofLink (also known as BulletProftLink and Anthrax) provides cybercriminals with various services, ranging from selling phish kits and email templates to providing ...