News – September 2021


  • Virginia National Guard confirms cyberattack hit Virginia Defense Force email accounts

    September 9, 2021

    Email accounts connected to the Virginia Defense Force and the Virginia Department of Military Affairs were impacted by a cyberattack in July, according to a spokesperson from the Virginia National Guard. A. A. Puryear, chief of public affairs for the Virginia National Guard, told ZDNet that the organization was notified in July about a possible cyber ...

  • Hackers leak passwords for 500,000 Fortinet VPN accounts

    September 8, 2021

    A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid. This leak is a serious incident as the VPN ...

  • AT&T Alien Labs warns of ‘zero or low detection’ for TeamTNT’s latest malware bundle

    September 8, 2021

    AT&T’s Alien Labs security division has sounded the alarm on a malware campaign from TeamTNT which, it claims, has gone almost entirely undetected by anti-virus systems – and which is turning target devices into cryptocurrency miners. Described by Alien Labs researcher Ofer Caspi as “one of the most active threat groups since 2020,” TeamTNT is known ...

  • Russia’s Yandex suffers biggest cyberattack yet

    September 8, 2021

    Russian Internet corporation Yandex revealed on Tuesday that the company’s servers experienced the biggest known distributed denial-of-service (DDoS) attack in Russia’s online space last weekend. Cloudflare, an American web infrastructure firm and a partner of Yandex, confirmed the record scale of the cyberattack. The spokesperson for Russia’s tech giant mentioned that a part of the nation’s ...

  • How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users

    September 7, 2021

    When Mark Zuckerberg unveiled a new “privacy-focused vision” for Facebook in March 2019, he cited the company’s global messaging service, WhatsApp, as a model. Acknowledging that “we don’t currently have a strong reputation for building privacy protective services,” the Facebook CEO wrote that “I believe the future of communication will increasingly shift to private, encrypted ...

  • Ragnar Locker Gang Warns Victims Not to Call the FBI

    September 7, 2021

    All that the FBI/ransomware negotiators/investigators do is muck things up, so we’re going to publish your stuff if you call for help, the Ragnar Locker ransomware gang announced on its darknet data-leak site. In an announcement posted this week and seen by Bleeping Computer, the ransomware operators threatened to publish all the data of victimized organizations ...

  • Miscreants fling booby-trapped Office files at victims, no patch yet, says Microsoft

    September 7, 2021

    In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines. The vulnerability, CVE-2021-40444, is described as a hole in MSHTML, Internet Explorer’s browser engine. Miscreants are seemingly placing a malicious ActiveX control in an Office document and convincing ...

  • Netgear Smart Switches Open to Complete Takeover

    September 7, 2021

    Three severe Netgear vulnerabilities, codenamed Demon’s Cries, Draconian Fear and Seventh Inferno by the researcher that found them, affect 20 of the company’s managed smart switches and could allow an attacker to take them over. The bugs were patched on Friday with zero technical details made available, but the researcher has now released more details on ...

  • REvil ransomware group resurfaces after brief hiatus

    September 7, 2021

    The operators behind the REvil ransomware group have resurfaced after allegedly closing shop following the widespread attack on Kaseya that caused thousands of victims on July 4. Security researchers said all of the dark web sites for the prolific ransomware group — including the payment site, the group’s public site, the ‘helpdesk’ chat and their negotiation ...

  • TrickBot gang developer arrested when trying to leave Korea

    September 6, 2021

    An alleged Russian developer for the notorious TrickBot malware gang was arrested in South Korea after attempting to leave the country. The TrickBot cybercrime group is responsible for a variety of sophisticated malware targeting Windows and Linux devices to gain access to victims’ networks, steal data, and deploy other malware, such as ransomware. Seoul’s KBS (via The ...

  • East Asian online organised crime group preying on British job seekers

    September 6, 2021

    An organised group of criminals based in East Asia have defrauded job seekers in the UK and worldwide after getting a scam app on to both the Google and Apple app stores. Working with victims who have tried to track down their scammers, Sky News has learnt they were operating from Cambodia, the Philippines and China, ...

  • Data Breaches: A Chance for Opportunistic Scammers & What You Should Watch for

    September 5, 2021

    Data breaches are now part of doing business, with many companies having been affected. Data is very valuable to criminals because it is often used to commit fraudulent activities as well as to enhance the credibility of scams. Data that is stolen ranges from Social Security Numbers (SSNs) to other identification documents and payment details. Scammers ...

  • Norwegian student tracks Bluetooth headset wearers by wardriving around Oslo on a bicycle

    September 4, 2021

    A Norwegian student who went wardriving around Oslo on a pushbike has discovered that several popular models of Bluetooth headphones don’t implement MAC address randomisation – meaning they can be used to track their wearers. Norwegian state broadcaster NRK revealed Bjorn Hegnes’ findings after helping him analyse Bluetooth emissions from a dozen different models of audio ...

  • Analyzing SSL/TLS Certificates Used by Malware

    September 3, 2021

    Malware has increasingly been making use of encryption to help hide its network traffic in recent years. This makes sense especially when one realizes that ordinary network traffic is increasingly encrypted as well. Google’s own Transparency Report notes that HTTPS traffic now makes up the vast majority of network traffic passed via the Google Chrome ...

  • The Evolution of Connected Cars as Defined by Threat Modeling UN R155-Listed Attack Vectors

    September 3, 2021

    The United Nations Regulation No. 155 sets provisions for cybersecurity and cyber security management systems in vehicles. A notable section of the document is Annex 5, which lists 69 attack vectors affecting vehicle cybersecurity. In order to help organizations comply with this regulation, we conducted a threat modelling exercise on the defined attack vectors as ...