Tampere University / Information Technology and Communication Sciences
Cyber security 1 /

Cyber security news from group 2   (30.8.-17.10.2021)

Like last year, these are mainly very good and interesting, but contributions could have been slightly more condensed and edited.

Category codes: V = Vulnerability, A = Attack, Accident, C = Culprit, Consequences (Costs, Convictions), I = Improvement, O = Other.

Source codes: G = General purpose (Eng), S = Security special (Eng), g = General purpose (local), s = Security special (local), O = Other.

Columns: Day, Writer, News, Category, Source

17.10. | skylark | A-S
Researchers at Morphisec Labs have published fresh details about a new MirrorBlast campaign that they say is run by the Russia-based threat group TA505, targeting financial services organizations. The campaign delivers MirrorBlast via a phishing email that contains malicious links that download a weaponized Excel document with embedded macros; the document has low detections on VirusTotal, making it dangerous for organizations that depend on detection-based security and sandboxing, according to Morphisec Labs.
Source: InfoRisk Today, Prajeet Nair, https://www.inforisktoday.com/mirrorblast-campaign-targets-finance-sector-using-macros-a-17745
16.10. | skylark | A-S
Government authorities in Israel are warning healthcare sector entities in the country of potential cyberattacks after a ransomware attack this week on Hillel Yaffe Medical Center in the city of Hadera. In a statement on Wednesday, the 506-bed Hillel Yaffe Medical Center said it was dealing with "a totally unexpected ransomware cyberattack" that targeted the hospital's computer systems.
Source: InfoRisk Today, Marianne Kolbasuk McGee, https://www.inforisktoday.com/ransomware-attack-on-israeli-medical-center-raises-alarm-a-17740
14.10. | skylark | A-S
Thingiverse, a website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 228,000 unique email addresses and other personally identifiable information, confirms Troy Hunt, creator of the Have I Been Pwned data breach notification service. Hunt says of the leaked data, "There is data on the 3D models that are publicly accessible, but there are also email and IP addresses, usernames, physical addresses and full names." No plain-text passwords were leaked.
Source: InfoRisk Today, Mihir Bagwe, https://www.inforisktoday.com/thingiverse-data-leak-affects-25-million-subscribers-a-17729?&web_view=true
14.10. | Nenda | O-g
The CEO of the Finnish public service media company Yle has died. This has brought grief, but also problems with password management in this huge company. All the passwords for viewing money transactions, meetings, annual reports and much other important information have now disappeared like ashes in the wind. Even with the help of experts they have only recovered one fifth of the locked information. The situation has created a lot of work for the employees of Yle. Now Finnish organizations are being trained to be prepared in case the CEO is suddenly unfit to work. [Finnish]
Source: Ilta-Sanomat, "Yle's executive director died and the passwords were lost. The data remained permanently locked", Tuomas Linnake and Henrik Kärkkäinen, https://www.is.fi/digitoday/tietoturva/art-2000008329992.html
13.10. | skylark | I-G
Critical security issues in the OpenSea NFT (non-fungible token) marketplace that allowed attackers to steal cryptocurrency wallet funds have been patched. The Check Point Research (CPR) team said that flaws in the OpenSea NFT marketplace could have allowed "hackers to hijack user accounts and steal entire crypto wallets of users, by sending malicious NFTs." The researchers disclosed their findings to OpenSea on September 26. Within less than an hour, the marketplace had triaged and verified the security issues and deployed a fix.
Source: ZDNet, Charlie Osborne, https://www.zdnet.com/article/bugs-allowing-malicious-nft-uploads-uncovered-in-opensea-marketplace/?&web_view=true
13.10. | Nenda | I-s
Sharing a password with a friend directly can be very risky. There is a password app called 1Password that claims to be easy and secure. Using the app, a password can be sent through an email, and the sender can set how many times the link can be opened or by whom the link can be opened. Also, the receiver needs to have his/her email approved by the app. This method is called the Psst! method (Password Secure Sharing Tool). This app seems to have monthly payments. [Finnish]
Source: mobiili.fi, "An easy and secure way to share a password with a friend. 1Password got a new Psst feature", Petri Tapala, https://mobiili.fi/2021/10/13/helppo-ja-tietoturvallinen-tapa-jakaa-salasana-kaverille-1password-sai-uuden-psst-toiminnon/
13.10. | JustASinner | I-S
Three flaws in OpenOffice and LibreOffice have been discovered and patched in the newest versions of these productivity suites. The vulnerabilities could have been weaponized by malicious actors to alter documents to make them appear as if they were digitally signed by a trusted source. The findings are the latest in a series of flaws uncovered by the Ruhr-University Bochum researchers and follow similar attack techniques disclosed earlier this year that could potentially enable an adversary to modify a certified PDF document's visible content by displaying malicious content over the certified content without invalidating its signature.
Source: The Hacker News, "Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice", Ravie Lakshmanan, https://thehackernews.com/2021/10/digital-signature-spoofing-flaws.html
12.10. | uche | A-s
A US optometry group has disclosed a data breach related to unauthorized activity on internal email accounts. Oregon Eye Specialists, which runs six clinics throughout Portland, said the exposed data includes customers' names and one or more of the following: dates of birth, dates of service, medical record numbers, financial account information, and health insurance provider names and/or policy numbers.
Source: "Oregon Eye Specialists discloses data breach"
12.10. | uche | V-S
The US National Security Agency (NSA) is warning organizations to avoid using wildcard digital encryption certificates in order to minimize the risk from a new form of TLS traffic decryption attacks. As they cover multiple domains, so-called wildcard TLS certificates remove the need for an organization to obtain a certificate for every subdomain they own. While common practice among enterprises, wildcard certs were recently revealed to open the door to a hacking technique dubbed 'ALPACA' (Application Layer Protocols Allowing Cross-Protocol Attack).
Source: The Daily Swig, "NSA warns of heightened wildcard TLS certificate risk", https://portswigger.net/daily-swig/nsa-warns-of-heightened-wildcard-tls-certificate-risk
12.10. | Nenda | O-s
A Pentagon official resigned from his duties on US cyber security. He claims that the US can't keep up with China's AI development. In his interview he actually said that the cyber security of the US government is at kindergarten level. He thinks that the US has already lost to China and has no chance to compete with them in cyber security in the next 5-10 years. Keeping cyber security up to standard is getting more demanding for the US since the Pentagon and Google stopped their cooperation in 2018. The US cyber security situation has been very alarming for a while. [Finnish]
Source: Mikrobitti, "The Pentagon's security chief left slamming the door. AI is the sore point", Antti Kailio, https://www.mikrobitti.fi/uutiset/pentagonin-tietoturvavastaava-lahti-ovet-paukkuen-kipupisteena-tekoaly/cba2fed8-ca31-4b90-b4d7-7f3f26719741
11.10. | shida | C-s
According to a 2021 report from IBM and the Ponemon Institute, the average cost of a data breach among companies surveyed reached $4.24 million per incident in 2021, the highest in 17 years. Remote work impact: the rapid shift to remote operations during the pandemic appears to have led to more expensive data breaches. Breaches cost over $1 million more on average when remote work was indicated as a factor in the event, compared to those in this group without this factor ($4.96 million vs. $3.89 million).
Source: Security InfoWatch, "Data breach numbers, costs and impacts all rise in 2021", https://www.securityinfowatch.com/cybersecurity/news/21241763/research-data-breach-numbers-costs-and-impacts-all-rise-in-2021
11.10. | Hamed | C-S
Threat hunters at Microsoft are raising the alarm about a new Iran-linked threat actor caught using password-spraying techniques to break into defense technology companies in the United States, Israel and parts of the Middle East. The Redmond, Wash. software giant on Monday shared technical details on UNC-0343, an Iran-linked apex actor that has been actively attempting to break into Office 365 accounts since at least July 2021. Microsoft recommends that Office 365 administrators immediately enable and deploy MFA (multifactor authentication) technology and block all incoming traffic from anonymizing services where possible.
Source: SecurityWeek, Ryan Naraine, https://www.securityweek.com/microsoft-exposes-iran-linked-apt-targeting-us-israeli-defense-tech-sectors
11.10. | Nenda | I-G
The hacking group called APT28, also known as Fancy Bear, is run by Russian military intelligence according to the UK government. They have targeted phishing attempts at politicians and human rights activists. Now Google is giving free physical USB security keys to 10,000 users. It combines passwords and your phone or a security key. Also in the news you can see a message Google sent to all at-risk users. A big phishing campaign like this happened in 2016 and targeted 4,000 Gmail users. In May, more and more people will be brought into the two-factor authentication system.
Source: BBC, "Google gives security keys to 10 000 high-risk users", Anonymous, https://www.bbc.com/news/technology-58844502
10.10. | Nenda | O-g
Mikko Hyppönen, research leader at F-Secure, answers some questions about cyber security in his new book (Internet, WSOY). He says that by drawing a fake PIN code on your bank card you can trick the person who has stolen your card. Never let strangers into places they don't have an access card for. Hyppönen also mentions that you should pick the nearest shop to your home as the home address in your navigator. The last thing he points out is that you should call or contact someone who is asking you to open an email link. [Finnish]
Source: Iltalehti, "Security guru Mikko Hyppönen shares tips in his new book. A fake PIN code written on a bank card with a marker", Mika Koskinen, https://www.iltalehti.fi/tietoturva/a/b5833240-20d9-46bb-9c4c-85c4f2e9467e
10.10. | Hamed | C-S
Cybersecurity researchers at Palo Alto Networks have actively tracked the evolution of SilverTerrier Nigerian Business Email Compromise (BEC) threat actors. Since 2014, researchers have uncovered over 170,700 samples of malware directly linked to Nigerian BEC actors. These samples have been noticed in over 2.26 million phishing attacks targeting users across all industries worldwide. SilverTerrier specializes in business email compromise attacks, the kind of email fraud in which scammers impersonate a target's coworker or friend, then ask for wire transfers.
Source: CySecurity News, "Nigerian Scammers Specializing in BEC Attacks Continue to Mature", https://www.cysecurity.news/2021/10/nigerian-scammers-specializing-in-bec.html
9.10. | JustASinner | A-S
The alleged Russian hackers who broke into US federal agencies using SolarWinds and Microsoft software emerged with material on counter-intelligence investigations, sanctions policy, and the country's response to COVID-19. The hackers entered unclassified Justice Department networks and read communications from the departments of treasury, commerce, and homeland security, according to earlier reports. A total of nine government entities were hacked. These entities were hacked by exploiting a vulnerability in SolarWinds software; SolarWinds is a company that provides widely used software for network management.
Source: TheDigitalHacker, "Data on US sanctions policy and intelligence operations was stolen in the SolarWinds hack", https://thedigitalhacker.com/data-on-us-sanctions-policy-and-intelligence-operations-was-stolen-in-the-solarwinds-hack/
9.10. | Nenda | C-g
The psychotherapy center Vastaamo was the victim of a huge data breach in 2019, and now Vastaamo has gone bankrupt due to this incident. Thousands of people whose personal status was revealed can receive monetary compensation for the psychological and economic damage. Since the business went bankrupt, Vastaamo can only give a maximum of 2,500 euros to each victim. The victims still insist on higher amounts that range from 1,000 to 10,000 euros. Further negotiations about the monetary compensation can be held in district court. The Data Protection Ombudsman's office is investigating whether Vastaamo has broken GDPR guidelines on information security. [Finnish]
Source: Yle Uutiset, "Former Vastaamo patients demand compensation of up to 10,000 euros for the data breach. The bankruptcy estate considers 2,500 euros the upper limit", Anonymous, https://yle.fi/uutiset/3-12134525
9.10. | Hamed | C-S
An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks. Cybersecurity firm Mandiant attributed the intrusions to a Russian-speaking hacker group codenamed FIN12, previously tracked as UNC1878, with a disproportionate focus on healthcare organizations with more than $300 million in revenue, among others, including the education, financial, manufacturing, and technology sectors, located in North America, Europe, and the Asia Pacific.
Source: The Hacker News, "Ransomware Group FIN12 Aggressively Going After Healthcare Targets", https://thehackernews.com/2021/10/ransomware-group-fin12-aggressively.html
9.10. | shida | I-g
Backup helps protect your company's critical data and systems. Even if damage occurs, a well-managed backup will help restore operations quickly and efficiently. A well-founded guideline in backup is the 3-2-1 rule. The 3-2-1 rule is, of course, only part of a good backup plan. In addition, remember to back up regularly and often enough, choose the right data to back up, automate your backup, and test your backups regularly. [Finnish]
Source: Tekniikka & Talous, "If you are not yet familiar with the 3-2-1 rule on your computer, then it would be better", Janne Laakso, https://www.tekniikkatalous.fi/uutiset/jos-et-viela-tunne-tietokoneesi-3-2-1-saantoa-niin-parempi-olisi/d076b01e-af80-40b3-a3d0-08725a51bee2
8.10. | shida | V-S
A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. Particularly, the issue resides in the schema parsing function, which allows any input passed to be evaluated and executed, resulting in a scenario where a specially-crafted string within the schema can be abused for the injection of system commands.
Source: The Hacker News, "Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects", Ravie Lakshmanan, https://thehackernews.com/2021/10/code-execution-bug-affects-yamale.html
8.10. | Hamed | V-S
Two authentication bypass vulnerabilities exist in unpatched Dahua cameras, and a proof-of-concept exploit released on 7th October makes the case for upgrading urgent. Both CVE-2021-33044 and CVE-2021-33045 are authentication bypass weaknesses that can be remotely exploited during the login process by sending specially crafted data packets to the target device. The flaw was initially reported to Dahua in May of 2019. The Chinese surveillance camera provider Dahua Technology has been barred from doing business and selling products in the United States since October 2019, when it was added to the US Department of Commerce's 'Entity List.'
Source: CySecurity News, https://www.cysecurity.news/2021/10/unpatched-dahua-cameras-are-prone-to.html
8.10. | JustASinner | I-s
The developers of the free CMS Typo3 have closed two security holes with the latest version of their CMS. The more dangerous of the vulnerabilities allowed malicious actors to create new admin accounts without any authentication and in that way fully compromise the CMS and fool users. The second vulnerability allowed spoofing attacks because of poor validation of HTTP Host headers. The new version also introduces 2FA in the back-end of the system and improves overall speed and usability. [German]
Source: heise online, "Typo3: New version closes two security gaps in the CMS", Olivia von Westernhagen, https://www.heise.de/news/Typo3-Neue-Version-schliesst-zwei-Sicherheitsluecken-im-CMS-6211486.html
7.10. | skylark | A-S
Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, a report made by Microsoft said. The devastating effectiveness of the long-undetected SolarWinds hack also boosted Russian state-backed hackers' success rate to 32% in the year ending June 30, compared with 21% in the preceding 12 months.
Source: SecurityWeek, "Microsoft: Russia Behind 58% of Detected State-Backed Hacks", https://www.securityweek.com/microsoft-russia-behind-58-detected-state-backed-hacks?&web_view=true
7.10. | Nenda | I-g
Because it's cyber security month, Google published an idea that they will force Google accounts to use two-step authentication. Their goal is to get over 150 million accounts to verify through two-factor verification. Google also announced that they have a new system to deal with inactive accounts. You can set a time after which you think your account is too inactive, and Google can then let another account have access to some of your data. Google can also delete your account if wanted. My question is: are these solutions better than just setting your account locked? [Finnish]
Source: Kauppalehti, "Google makes a change to 150 million accounts. Tired of users dragging their feet", Samuli Leppälä, https://www.kauppalehti.fi/uutiset/google-tekee-150-miljoonalle-tilille-muutoksen-kyllastyi-kayttajien-hidasteluun/eb6382c1-8c4b-4206-9e2e-0beaab8ff668
7.10. | Hamed | A-G
Game-streaming platform Twitch has been the victim of a leak, reportedly divulging confidential company information and streamers' earnings. The documents appear to show Twitch's top streamers each made millions of dollars from the Amazon-owned company in the past two years. Twitch confirmed the breach and said it was "working with urgency" to understand the extent of it. In a statement posted on Twitter, the company said it would "update the community as soon as additional information is available". Those behind the leak also claimed to have the source code for the video platform itself.
Source: BBC News, "Twitch confirms massive data breach", Joe Tidy & David Molloy, https://www.bbc.com/news/technology-58817658
6.10. | Hamed | A-S
Global telecom firm Syniverse secretly revealed to the Securities and Exchange Commission last week that attackers have been inside its systems over the past five years. The private records of more than 200 customers were compromised due to a security flaw that impacted its database. According to a source who works at Syniverse, the attackers could have gained access to call records and message data, such as call length and cost, caller and receiver's numbers, the location of the calling parties, the content of SMS text messages, and more.
Source: CySecurity News, https://www.cysecurity.news/2021/10/global-telecom-firm-syniverse-secretly.html
6.10. | Nenda | A-s
Three men used a gadget worth 23,000 euros to steal keyless cars. The gadget was disguised as a black Nintendo Game Boy with many buttons and had a Supreme logo on it. It had been adjusted to open Mitsubishi Outlanders. Over 30 cars of this type were stolen in West Yorkshire. In the news you can see a video of how easily the car was unlocked and then started with the gadget. This case is a good example of well-organised and planned theft. The thieves got 2 or 2.5 years of jail sentence. [Finnish]
Source: Tivi, "5 cars stolen with a 'game console': a 23,000 € surprise inside the device", Samuli Leppälä, https://www.tivi.fi/uutiset/pelikonsolilla-varastettiin-5-henkiloautoa-laitteen-sisalla-23-000-yllatys/26225505-5a67-4086-93c9-9c1cce964616
6.10. | skylark | A-G
Reportedly, the entire source code of the live streaming platform Twitch has been leaked, along with streamer earnings, proprietary SDKs, internal AWS services, and encrypted passwords. The leak originally appeared as a 125GB torrent on 4chan. Twitch has yet to comment on the incident. The leaker claims this 125GB file is only the beginning, and intends to leak more in the future.
Source: Dot Esports, "Twitch data reportedly leaks online including source code, streamer earnings, encrypted passwords, and more", Ryan Galloway, https://dotesports.com/streaming/news/twitch-data-reportedly-leaks-online-including-source-code-streamer-earnings-encrypted-passwords-and-more
5.10. | JustASinner | C-S
Two people connected with ransomware attacks were arrested in Ukraine, as reported by Europol. The ransoms for the attacks reached upwards of 70 million euros, and the activity of the group to which the individuals belonged started in April 2020. The operation to arrest these individuals was carried out by the FBI, the French police, and the Ukrainian National Police. Europol also notes that assets worth 1.3 million euros belonging to the group have been blocked because of the operation.
Source: The Digital Hacker, "'Prolific' Ransomware attackers arrested in Ukraine", https://thedigitalhacker.com/prolific-ransomware-attackers-arrested-in-ukraine/
5.10. | Nenda | O-s
Data about us is spreading globally. The National Cyber Security Centre of Traficom has gone through an investigation by the National Cyber Security Centre of Lithuania (NCSC-LT) into mobile phone security. The report deals with discoveries such as some of the phones using third-party app stores by default. Also, activity on a phone, like where the user is logged in or what language is used, can be sent beyond the EEA. In some countries beyond the EU/EEA, some advertising platforms use keywords to filter advertisements. They also found out that phone numbers can be sent beyond the EEA without the user's permission.
Source: Traficom, "Assessment of the investigation into mobile device security", Anonymous, https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/arvio-mobiililaitteiden-turvallisuuden-selvityksesta
5.10. | skylark | A-S
A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries with the goal of stealing data from compromised networks. Cybersecurity company Positive Technologies dubbed the advanced persistent threat (APT) group ChamelGang, referring to their chameleonic capabilities, including disguising "its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google."
Source: The Hacker News, "A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries", Ravie Lakshmanan, https://thehackernews.com/2021/10/a-new-apt-hacking-group-targeting-fuel.html
4.10. | Nenda | C-S
Cybersecurity experts have figured out that 73 % of all ransomware action in Q2 2021 was done by a gang called the REvil gang. Also other gangs such as Ryuk, Babuk and Darkside have unfortunately been very successful in their hacking action. Actually, Q2 2021 has made the US administration notice that the ransomware menace is rising. Also some of their attacks have been countered, but the EMEA President of McAfee Enterprise, Adam Philpott, still says that organizations should prepare for future attacks. Also the US president Joe Biden has taken this risk seriously.
Source: TechRadar, "REvil is dominating the global ransomware scene", Mayank Sharma, https://www.techradar.com/news/revil-is-dominating-the-global-ransomware-scene
4.10. | JustASinner | C-G
Adam Georgeson, a former IT technician, admitted to two charges of computer misuse after he targeted Welland Park Academy and downloaded and wiped data off the information system, as well as changing the passwords of various staff members back in January of this year. The attack affected all of the academy's pupils, who were unable to access the systems during the start of the Covid-19 pandemic, when remote education began. The perpetrator admitted committing these crimes and explained that the motive was a vendetta against his former employer.
Source: Harborough Mail, "IT technician who 'felt a great deal of resentment' towards a Harborough secondary school admits carrying out a devastating cyber attack on it", Red Williams, https://www.harboroughmail.co.uk/news/crime/it-technician-who-felt-a-great-deal-of-resentment-towards-a-harborough-secondary-school-admits-carrying-out-a-devastating-cyber-attack-on-it-3406907
3.10. | JustASinner | A-s
The cybercriminal group responsible for the Conti ransomware has made a public announcement regarding victims leaking their negotiation chats with the group to various journalists. In their announcement the group threatens that anyone who leaks ongoing chats without the group's approval will have their data posted online and all negotiations will be stopped. In case the chats leak after successful negotiations, the group will leak other victims' data as retaliation. [German]
Source: heise online, "Ransomware: Conti group refuses to have their negotiation chats leaked", Tilman Wittenhorst, https://www.heise.de/news/Ransomware-Conti-Erpressergruppe-verbittet-sich-Leaks-ihrer-Verhandlungs-Chats-6206790.html
2.10. | arttuleht | I-G
There is an effort to improve the general level of cyber security across the US. President Biden opened Cyber Awareness Month with a statement in which he highlighted efforts to combat cyber attacks. Future government equipment and the design of infrastructure will be held to a high security standard before being put into use.
Source: Nasdaq, "President Biden Weighs In on October's Cybersecurity Focus", Anonymous, https://www.nasdaq.com/articles/president-biden-weighs-in-on-octobers-cybersecurity-focus-2021-09-30
2.10. | JustASinner | A-S
The creators of the infamous FluBot spyware launched a new campaign to trick phone users into downloading the virus through a fake website. New Zealand's computer emergency response team "CERT NZ" warns users that the new installation page for the virus poses as an urgent software update to instill urgency in the user. FluBot itself is capable of stealing a user's payment and banking information by using overlay attacks, where an overlay is placed on top of legitimate banking, payment and cryptocurrency apps. The spyware will also steal a user's contacts to send them phishing messages to help spread it.
Source: TechRadar, "Watch out - that Android security update may be malware", Anthony Spadafora, https://www.techradar.com/news/watch-out-that-android-security-update-may-be-malware
1.10. | JustASinner | A-G
IT systems at NUI Galway remain offline after an attempted cyberattack was detected. Because of the attack, all internet communication channels into and out of the university have been blocked, which has impacted students and professors. The researchers who are analyzing the attack mentioned that there is no evidence, as of the time of the article, that any material has been compromised.
Source: RTÉ, Ireland's National Television and Radio Broadcaster, "NUIG IT systems remain offline after attempted cyber attack", Pat McGrath, https://www.rte.ie/news/2021/0930/1249912-nuig-cyber-attack/
1.10. | Nenda | C-O
It's not always safe to download apps from the Google Play Store. An Android trojan malware called GriftHorse has spread through about 200 different fake apps. It took Google a whole year to notice these fake apps. By then the apps had taken more than 10 million dollars from each victim. The apps were disguised as normal heart rate trackers. When the app is downloaded it starts sending a myriad of pop-ups to the user. When clicked, the phishing starts. Everything would have been okay if people had not input their phone numbers and then got phone bills after answering SMS charity messages. [Finnish]
Source: Tekniikka & Talous, "A cunning malware is spreading on smartphones: over 10 million devices already infected", Antti Kailio, https://www.tekniikkatalous.fi/uutiset/tt/e44e9248-b685-4786-a3f6-d2008a0cee2e?ref=ampparit:66d7
1.10. | skylark | A-s
Finnish governmental agencies recommend that people stay extra vigilant when banking online. Criminals are phishing log-ins to various banks and to the Finnish Omakanta service (medical records). Since spring, phishing and social engineering attacks have been aggressive. The rest of the article outlines good tips to stay safe online, such as not clicking on dubious links or logging in directly from a result found by a search engine.
Source: Traficom / Kyberturvallisuuskeskus, "Criminals are trying to get their hands on Finnish bank accounts, tips for staying safe", Finnish governmental agency, https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/rikolliset-urkkivat-suomalaisten-pankkitunnuksia
30.9. | arttuleht | V-G
Apple Pay's contactless payment feature can be exploited to charge large amounts of money to unsuspecting victims. The exploitation is done in the form of a relay attack. The attack is very insidious by its nature, which makes it very dangerous. The research into this matter was done in order to prevent these sorts of attacks in the future. Similar payment systems were tested, but they showed no vulnerabilities.
Source: BBC, "Researchers find Apple Pay, Visa contactless hack", Anonymous, https://www.bbc.com/news/technology-58719891
30.9. | Nenda | V-s
It has been discovered that the new Apple AirTag tracking device has a vulnerability. Normally, when the AirTag is in Lost Mode and somebody finds it, they can see information from the owner such as a phone number or home address. Now, scanning this AirTag can actually lead to an iCloud phishing page. Emails are not the only phishing method that people use. Apple has to do something about Lost Mode, since users can input computer code into it. Apple hasn't yet responded to this security discovery. [Finnish]
Source: Mikrobitti, "Did you find an AirTag? It could be a cunning Trojan", Suvi Korhonen, https://www.mikrobitti.fi/uutiset/mb/22376487-f5f1-41fd-a13c-6ea8c06ef8fb?ref=ampparit:26ad
30.9. | skylark | A-O
The founder of one of Russia's largest cybersecurity companies, Ilya Sachkov, has been arrested on suspicion of state treason and will be held in a notorious prison run by the security services for the next two months. The charges against Ilya Sachkov are classified and details of them were not immediately clear.
Source: Ars Technica, "Russia arrests cybersecurity expert on treason charge", Eric Bangeman, https://twitter.com/arstechnica/status/1443358289497047045
29.9. | JustASinner | A-G
The Hellenic Police Department for Prosecuting Electronic Crime announced on Tuesday that an investigation had uncovered incriminating evidence on four websites and six social media accounts responsible for encouraging people not to get vaccinated. The probe, which was launched by the Citizen Protection Minister, was investigating whether the spreading of this fake news was inciting citizens to act against public health, safety and the state.
Source: Greek City Times, "Cybercrime probe finds four Greek websites spreading 'illegal' anti-vaxxer content", https://greekcitytimes.com/2021/09/29/cybercrime-probe-anti-vax/
28.9.
-1
JustASinnerBinance Security worked with multiple international cyber police forces in an effort to apprehend a prolific cybercriminal ring named "FANCYCAT". The group has been running multiple criminal activities: distributing cyber attacks, operating a high-risk exchanger, and laundering money from dark web operations and high-profile cyber attacks such as the Cl0p and Petya ransomware, and it is responsible for over $500M worth of damages. Binance used its in-house AML detection and analytics program to map out suspicious behavior and then worked with international law enforcement to track down members of the FANCYCAT group.
C-SThe Block Crypto, Binance Helps Take Down Cybercriminal Ring Laundering $500M in Ransomware, https://www.theblockcrypto.com/post/118769/binance-helps-take-down-cybercriminal-ring-laundering-500m-in-ransomware
28.9.
-1
ucheIBM Security researchers have discovered a new form of overlay malware targeting online banking users. Dubbed ZE Loader, it is a malicious Windows application that attempts to obtain financial data from victims by establishing a back door connection. However, unlike typical banking Trojans, ZE Loader employs multiple stealth tactics to remain hidden and stores permanent assets on infected devices. The malware is targeting banks, online payment processors and cryptocurrency exchanges, and it is able to interact with the victim's device in real time, thereby greatly enhancing the finesse of the whole operation.
A-S(i) E Hacking News (ii) Newly Discovered ZE Loader Targets Online Banking Users (iii) https://www.ehackingnews.com/2021/09/newly-discovered-ze-loader-targets.html
27.9.zuiState-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected. Attacks incorporating the backdoor are believed to have occurred since 2020.
V-SThe Hacker News, https://thehackernews.com/2021/09/russian-turla-apt-group-deploying-new.html
27.9.skylarkAccording to SuPo (the Finnish Security and Intelligence Service), Finland is under constant illegal cyber espionage from nation-state threats. The most significant non-surveillance threat is the various uses of ransomware. When it comes to non-state threats, e.g. threats posed by individuals or smaller groups, the second largest hazards are religious extremists and radical right-wing supporters. A significant part of the radicalization happens on the internet.
O-gKauppalehti, The largest (cyber) terrorism threat in Finland comes from the supporters of islam and radical right-wing ideologies, Minna Karkkola, https://www.kauppalehti.fi/uutiset/supo-suurin-terrorismin-uhka-suomessa-tulee-aarioikeiston-ja-radikaali-islamin-kannattajista/c4d271ba-ba16-46e8-8458-b1dac35d2b35
27.9.
-1
ucheSonicWall has released a security advisory to warn users regarding a critical flaw impacting some of its Secure Mobile Access (SMA) 100 appliances. The vulnerability, tracked as CVE-2021-20034, could potentially allow a remote unauthenticated attacker to delete arbitrary files from the targeted appliance and secure administrator access to the device. The vulnerability is due to an improper limitation of a file path to a restricted directory, potentially leading to arbitrary file deletion as the "nobody" user. There is no evidence that this vulnerability is being exploited in the wild, researchers explained.
V-S(i) E Hacking News (ii) SonicWall Patches Critical Flaw in SMA 100 Products (iii) https://www.ehackingnews.com/2021/09/sonicwall-patches-critical-flaw-in-sma.html
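The SonicWall entry describes the generic bug class behind CVE-2021-20034, an "improper limitation of a pathname to a restricted directory" (CWE-22) in a file-deletion path. The following added example is not SonicWall's code and says nothing about how the appliance is implemented; it shows the vulnerable pattern beside a hardened one in Python, with an assumed upload directory and constructed inputs, so that the difference a path-confinement check makes is visible on real paths.

```python
import os


def unsafe_delete_path(base_dir: str, user_path: str) -> str:
    """Vulnerable pattern (CWE-22): the caller-supplied path is joined onto the
    restricted directory and normalised but never checked, so '../' sequences or
    an absolute path escape base_dir. Returns the path that would be unlinked."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def safe_delete_path(base_dir: str, user_path: str) -> str:
    """Hardened form: resolve symlinks and '..' first, then require that the
    result is still strictly inside base_dir. Raises PermissionError otherwise."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes {base}: {user_path!r}")
    if target == base:
        raise PermissionError("refusing to delete the restricted directory itself")
    return target


def is_confined(base_dir: str, user_path: str) -> bool:
    """True if safe_delete_path would accept user_path (useful for tests and logging)."""
    try:
        safe_delete_path(base_dir, user_path)
        return True
    except PermissionError:
        return False


def delete_file(base_dir: str, user_path: str) -> None:
    """Delete an upload only after the confinement check has passed."""
    os.unlink(safe_delete_path(base_dir, user_path))


if __name__ == "__main__":
    # Constructed inputs; BASE is an assumed upload directory, not the appliance's.
    BASE = "/var/app/uploads"
    for p in ("report.pdf", "../../../etc/passwd", "/etc/passwd", "sub/../../secrets.db"):
        print(f"{p!r:24} unsafe -> {unsafe_delete_path(BASE, p):22} confined={is_confined(BASE, p)}")
```

Note that `os.path.join` silently discards `base_dir` when the second argument is absolute, which is why the check must be made on the resolved result rather than on the input string; resolving with `realpath` before comparing also closes the symlink variant of the same escape.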
27.9.ucheInvestigators within the cybersecurity industry have revealed a unique approach used by a threat actor to purposefully avoid detection using flawed digital signatures on their malware payloads. Google Threat Analysis Group's Neel Mehta said the attackers produced flawed code signatures that are treated as valid by Windows but cannot be decoded or checked by OpenSSL code. A notorious family of unwanted software called OpenSUpdater, which downloads and installs other suspicious programs on affected computers, was found to be using the new technique.
O-O(i) E Hacking News (ii) Hackers Discover Technique to Make Malware Undetectable on Windows (iii) https://www.ehackingnews.com/2021/09/hackers-discover-technique-to-make.html
27.9.ucheOpera has patched a severe cross-site scripting (XSS) to remote code execution (RCE) web browser flaw. The browser maker runs a technical blog series on the most interesting vulnerabilities reported through its private bug bounty program. In a post dated September 24, Opera detailed the latest discovery of a bug bounty hunter with the handle 'Renwa', a member of the private disclosure scheme. The affected feature, My Flow, allows users to exchange files, links, YouTube videos, photos and personal notes, and access them at any time from their connected mobile device or computer.
V-S(i) The daily Swig (ii) Opera browser patches My Flow remote code execution vulnerability (iii) https://portswigger.net/daily-swig/opera-browser-patches-my-flow-remote-code-execution-vulnerability
27.9.HamedJohnny Lin, a former Apple engineer and founder of Lockdown Privacy, says Apple’s data-collection ban is completely pointless. Although users request that apps not collect data from other companies’ apps and websites, Lockdown Privacy’s study says many popular iPhone apps still collect personal data. According to the study, the transparency of the monitoring did not affect the amount of data collection at all, Business Insider says. The study also found that data was moving in almost every case. [Finnish]
V-gKauppalehti, https://www.kauppalehti.fi/uutiset/entiselta-apple-pomolta-paljastus-yksityisyysnappi-on-yhta-tyhjan-kanssa/f8eebd2f-7017-4f46-80ee-9d6d0b2ef2c2
26.9.JustASinnerGoogle released an interim security update for its Chrome web browser to fix a security flaw that was exploited in the wild. The vulnerability is a use-after-free flaw in the Portals API, a page navigation mechanism that allows a website to display another page as an inset and conduct a smooth transition to a new phase, where the previously inset page becomes the top-level document. The issue was discovered by Clément Lecigne of the Google Threat Analysis Group.
I-SThe Digital Hacker, Google has advised Chrome users to install the most recent security update, https://thedigitalhacker.com/google-has-advised-chrome-users-to-install-the-most-recent-security-update/
25.9.HamedGoogle researchers have identified malware developers generating malformed code signatures that appear to be valid in Windows to bypass security software. This technique is actively used to spread OpenSUpdater, a family of unwanted software known as riskware, which plants advertisements into targets' browsers and installs other redundant programs on their machines. Researchers believe the financially motivated threat actors behind OpenSUpdater will attempt to infect as many devices as possible and are specifically targeting US citizens who are looking to download game cracks and other pirated software.
C-SEHackingNews, Malware Creators Use Malformed Certificates To Trick Windows Validation, https://www.ehackingnews.com/2021/09/malware-creators-use-malformed.html
24.9.
-1
HamedAfter uncovering an unsecured database collecting the personal information of millions of tourists to Thailand, a British cybersecurity researcher unexpectedly stumbled upon his own personal data online. An unencrypted Elasticsearch server was discovered by Bob Diachenko, a cybersecurity researcher and security leader at Comparitech, exposing the personal data of approximately 106 million international passengers to Thailand. The data was accessible online in an unsecured database, allowing anyone to access it. According to Diachenko, every visitor who visited Thailand in the last ten years may have had their personal information exposed as a result of the event.
A-Shttps://www.ehackingnews.com/2021/09/thailands-data-on-106-million-visitors.html
24.9.ucheMore than a million South African citizens have potentially had their personal data exposed after a ransomware attack at a debt recovery services firm. The company in question, Debt-IN Consultants, confirmed that it had been the victim of a cyber-attack which resulted in a “significant data breach” of consumer and employee personal information. More than 1.4 million South Africans are suspected to have been impacted by the incident, after Debt-IN says their data was illegally accessed from servers in April this year. Compromised information may include customer names and contact details, employment and salary information.
A-S(i) The Daily Swig (ii)Millions of South Africans caught up in security incident after debt recovery firm suffers ‘significant data breach’ (iii) https://portswigger.net/daily-swig/millions-of-south-africans-caught-up-in-security-incident-after-debt-recovery-firm-suffers-significant-data-breach
24.9.ucheMultiple critical security vulnerabilities in two VMware network administration tools that could allow an attacker to have full access to an organization’s network have been patched. Users of the vCenter Server and Cloud Foundation products are urged to update immediately to protect against the issues, which are being tracked collectively as VMSA-2021-0020. The most critical issue (CVE-2021-22005) is a file upload vulnerability that can be used to execute commands and software on the vCenter Server Appliance. A security advisory issued warns that the vulnerability can be used by anyone who can reach vCenter Server over the network.
V-S(i) The daily Swig (ii) VMware security warning: Multiple vulnerabilities in vCenter Server could allow remote network access (iii) https://portswigger.net/daily-swig/vmware-security-warning-multiple-vulnerabilities-in-vcenter-server-could-allow-remote-network-access
24.9.JustASinnerNew critical vulnerabilities were discovered in Cisco devices (primarily in Catalyst 9000 Family Wireless Controllers). One of the vulnerabilities has a CVSS score of 10 (out of 10), because it allows attackers to run malicious code through the wireless access point protocol (CAPWAP) with administrative privileges. The others allow the attacker to cause a denial of service (DoS) or execute malicious code with root access. Vulnerability identifiers: CVE-2021-34770, CVE-2021-34727, CVE-2021-1619 [German]
V-sheise online, Security update: Critical admin vulnerability threatens Cisco devices, Dennis Schirrmacher, https://www.heise.de/news/Sicherheitsupdates-Kritische-Admin-Luecke-mit-Hoechstwertung-bedroht-Cisco-Geraete-6200359.html
23.9.ucheThe Internet Security Office (OSI) of the National Cybersecurity Institute (INCIBE) has just detected a new scam that uses WhatsApp to deceive victims. Pay attention to the strategy the criminals are using so as not to fall into the trap. This time it is a phishing case in which criminals impersonate WhatsApp by sending an email that supposedly contains a backup of WhatsApp messages. Everything is a hoax: if you click on the link, a compressed file containing a Trojan is downloaded to the device, and on executing the file the device is infected by the malware. [Spanish]
A-s(i) Computer Hoy (ii) This email does not contain the backup copy of your WhatsApp messages: it is a dangerous scam (iii) https://computerhoy.com/noticias/tecnologia/correo-no-contiene-copia-seguridad-mensajes-whatsapp-peligrosa-estafa-935979
23.9.HamedSpanish authorities are warning of a phishing campaign that impersonates the messaging service WhatsApp in an attempt to trick recipients into downloading a trojan. Recipients are being urged to download copies of conversations and call histories from a location that offers only the NoPiques malware. The NoPiques ("Do not chop") trojan comes bundled in a .zip archive which, if opened and run on a vulnerable device, results in infection. The dangerous emails typically come with the Spanish-language subject line 'Copia de seguridad de mensajes de WhatsApp *913071605 Nº (xxxxx)', although this can vary.
A-OThe Daily Swig, John Leyden, https://portswigger.net/daily-swig/fake-whatsapp-backup-message-delivers-malware-to-spanish-speakers-devices
23.9.ucheAn insidious new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of an ongoing campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint's messaging security subsidiary Cloudmark coined the emerging malware TangleBot. The malware has been given the moniker TangleBot because of its many levels of obfuscation and control over a myriad of entangled device functions, including contacts, SMS and phone capabilities, call logs, internet access, and camera and microphone.
A-S(i) The Hacker News (ii) New Android Malware Targeting US, Canadian Users with COVID-19 Lures (iii) https://thehackernews.com/2021/09/new-android-malware-targeting-us.html
23.9.ucheAs many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks. Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive target owing to their oversight of core servers, devices, and other critical components in the enterprise network.
V-S(i) The Hacker News (ii) New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures (iii) https://thehackernews.com/2021/09/new-nagios-software-bugs-could-let.html
23.9.JustASinnerCloudSEK reports that millions of mobile app users might have exposed their private and payment data due to a security vulnerability in the Razorpay API. CloudSEK revealed in their report that around 5% of the apps registered in their database which used the Razorpay API exposed the payment integration key ID and key secret. That is, the developers of the apps embedded the API key into their source code. Razorpay made a statement regarding this, saying: "Razorpay clearly mentions in contracts signed with merchants that such keys should not be exposed on any public platform."
V-SHackRead, Deeba Ahmed, Millions impacted as payment API vulnerabilities exposing transaction keys, https://www.hackread.com/payment-api-vulnerabilities-expose-transaction-keys/
23.9.zuiSecurity researchers warn that a design issue in how the Microsoft Exchange Autodiscover feature works can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. The risk is significantly higher for devices that are used outside of corporate networks, a common scenario during the pandemic.
V-SCSO, https://www.csoonline.com/article/3634388/exchange-autodiscover-feature-can-cause-outlook-to-leak-credentials.html
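The Autodiscover entry says credentials can leak to external servers but does not spell out the mechanism. The research the CSO article reports describes Autodiscover clients that, after failing on the mail domain and its `autodiscover.` host, "back off" by dropping leading labels until they reach a host such as `autodiscover.com` that the organization does not control. The added example below is not from the researchers or from any client's source; it assumes that back-off sequence and shows how to enumerate the candidate hosts for a mailbox, separate those outside the organization's domain, and derive an egress block list from them.

```python
from typing import Iterable, List


def autodiscover_hosts(email: str) -> List[str]:
    """Hostnames an Autodiscover client may contact for this mailbox: the mail
    domain, its 'autodiscover.' host, and then the assumed back-off hosts produced
    by dropping leading labels one at a time (example.co.uk -> co.uk -> uk)."""
    domain = email.rsplit("@", 1)[1].lower()
    hosts = [domain, f"autodiscover.{domain}"]
    labels = domain.split(".")
    while len(labels) > 1:
        labels = labels[1:]
        hosts.append("autodiscover." + ".".join(labels))
    return hosts


def outside_org(email: str) -> List[str]:
    """Hosts from autodiscover_hosts that are NOT under the mailbox's own domain,
    i.e. names a third party could register and answer with a 401 to harvest
    the Basic/NTLM credentials the client then sends."""
    domain = email.rsplit("@", 1)[1].lower()
    return [h for h in autodiscover_hosts(email)
            if h != domain and not h.endswith("." + domain)]


def block_list(emails: Iterable[str]) -> List[str]:
    """Deduplicated, sorted hostnames to deny at the egress proxy or resolver so
    that roaming clients never reach the back-off hosts."""
    bad = set()
    for e in emails:
        bad.update(outside_org(e))
    return sorted(bad)


if __name__ == "__main__":
    # Constructed mailboxes; the domains are placeholders, not real tenants.
    for mailbox in ("alice@example.co.uk", "bob@corp.com"):
        print(mailbox, "->", autodiscover_hosts(mailbox), "outside:", outside_org(mailbox))
    print("deny:", block_list(["alice@example.co.uk", "bob@corp.com"]))
```

The split between in-domain and out-of-domain hosts is what matters operationally: an organization can make sure its own `autodiscover.` record answers correctly (so clients never reach the back-off step) and, for devices used off the corporate network, deny the `autodiscover.<tld>` names outright.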
23.9.
-1
skylarkThe University of Minnesota, in partnership with medical device companies like Medtronic and Boston Scientific, has started a program to help medical device manufacturers develop and maintain security in vital medical technology, both in hospitals and in devices that users have to carry with them at all times, such as insulin pumps and pacemakers. According to Mike Johnson, a security technologies expert at the University of Minnesota's Technological Leadership Institute, it is only a matter of time before a fatality due to medical device hacking happens.
I-GThe Verge, A new cybersecurity center wants to protect medical devices against hacks, Nicole Wetsman, https://www.theverge.com/2021/9/21/22686000/medical-device-cybersecurity-hack-minnesota
22.9.HamedCISA and the FBI have observed over 400 attacks using Conti ransomware against U.S. and international organizations to steal files, encrypt servers and workstations, and demand a ransom payment to return stolen sensitive data. “The cyber criminals now running the Conti ransomware-as-a-service have historically targeted critical infrastructure, such as the Defense Industrial Base (DIB), prior to Conti campaigns,” said Rob Joyce, Director of Cybersecurity at NSA. The advisory highlights observed Conti actors’ techniques used to conduct their exploits, such as spearphishing campaigns, remote monitoring and management software, the “PrintNightmare” vulnerability, and remote desktop software.
A-SThe Cybersecurity and Infrastructure Security Agency (CISA), https://www.cisa.gov/news/2021/09/22/cisa-fbi-and-nsa-release-conti-ransomware-advisory-help-organizations-reduce-risk
22.9.
-1
JustASinnerApple fixed a security gap in the Face ID biometric authentication system with the iOS and iPadOS 15 update. Apple announced after the operating system updates were released that the vulnerability allowed an attacker with a 3D model of the owner's face to log in to the victim's accounts/devices with the Face ID system. The vulnerability has been eliminated by improving the anti-spoofing technology used in the authentication system. [German]
I-sheise online, Face ID: iOS 15 removes loophole in Apple's face recognition, Leo Becker, https://www.heise.de/news/Face-ID-iOS-15-raeumt-Schwachstelle-bei-Apples-Gesichtserkennung-aus-6198002.html
21.9.zuiWith the help of malicious insiders, Muhammad Fahd was able to install malware and remotely detach iPhones and other handsets from AT&T's U.S. network. The ringleader of a seven-year phone-unlocking and malware scheme will head to the clink for 12 years after effectively compromising AT&T's internal networks to install credential-thieving malware, divorcing nearly 2 million mobile phones from the carrier, and defrauding AT&T out of more than $200 million in lost subscription fees.
C-SThe Cyber Post, https://thecyberpost.com/news/malware/att-phone-unlocking-malware-ring-costs-carrier-200m/
21.9.ucheFrench shipping company CMA CGM has announced it has suffered a data breach. The container transportation and maritime giant, based in Marseille, revealed in a security advisory that customers' names, email addresses, phone numbers, and employment information have been leaked. It has not yet been confirmed how many individuals were affected by the incident, but CMA CGM said that its operations were not affected.
A-S(i) The Daily Swig (ii) French shipping giant CMA CGM suffers data breach (iii) https://portswigger.net/daily-swig/french-shipping-giant-cma-cgm-suffers-data-breach
21.9.ucheA zero-click vulnerability in a popular IoT security camera could allow an unauthenticated attacker to gain full access to the device and possibly internal networks, a researcher has warned. The researcher, dubbed 'Watchful IP', has released details of the unauthenticated remote code execution (RCE) bug in certain products from Hikvision, a Chinese manufacturer and the world's biggest network camera brand. In a blog post, they described how the security vulnerability, tracked as CVE-2021-36260, could enable a malicious actor to completely take over an internet-connected camera and potentially internal networks.
V-S(i) The Daily Swig (ii) Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise (iii) https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise
21.9.JustASinnerA retirement and nursing home in Veyrier, Canton of Geneva, Switzerland was the victim of a hacker attack. The management of the nursing home filed a report against the unknown assailants; however, they note that they cannot rule out the possibility that the stolen medical and personal data of the residents will appear on the Darknet/Internet. The criminals acted from abroad and demanded a ransom, which the company did not pay. No data was lost in the incident thanks to a backup.
A-gWatson, Ransomware attack: A nursing home in the Canton of Geneva has been hit by it, https://www.watson.ch/digital/schweiz/201961888-ransomware-attacke-nun-hats-ein-pflegeheim-im-kanton-genf-erwischt
21.9.
-1
JustASinnerThe Mirai botnet lets threat actors use compromised devices to carry out large-scale and crippling DDoS attacks because of vulnerabilities in Microsoft Azure services, which were discovered by the Wiz Research Team. These vulnerabilities have been dubbed the OMIGOD flaws. An attacker can remotely exploit one of the vulnerabilities simply by sending a well-crafted request to a vulnerable device using a publicly accessible remote management port, such as 5986, 5985, or 1270. If the attack is successful, the attacker can become root on the remote device.
V-SHackRead, "Mirai botnet exploiting Azure OMIGOD vulnerabilities", Deeba Ahmed, https://www.hackread.com/mirai-botnet-exploiting-azure-omigod-vulnerabilities/
21.9.
-1
HamedSpanish and Italian authorities have dismantled an organized crime group allegedly involved in online fraud, money laundering, and other illegal activities. The group, which was linked to the Italian Mafia, defrauded hundreds of individuals through attack techniques such as phishing, SIM swapping, and even business email compromise (BEC). Organized in a pyramid structure, the group included computer experts, recruiters and supervisors for the money mules, and money laundering experts. Most of them are Italian nationals, some linked to mafia organizations. They tricked victims into sending large amounts of money to bank accounts controlled by the criminal group.
C-SSecurityWeek, Ionut Arghire, https://www.securityweek.com/cybercriminals-linked-italian-mafia-arrested-european-police
21.9.skylarkExpressVPN was bought by an Israeli cyber security company for $1 billion. Edward Snowden has warned people on Twitter against using ExpressVPN. This warning seems to be in reaction to the news that ExpressVPN's CIO, Daniel Gericke, is one of the three ex-US intelligence operatives who admitted illegally helping the UAE government hack its targets. ExpressVPN has not denied the claim that its CIO has been involved in Project Raven, a UAE government surveillance operation to hack heads of state, American personalities, and activists.
C-Shackread, Waqas, https://www.hackread.com/edward-snowden-stop-using-expressvpn
20.9.zuiCloudSEK, maker of artificial intelligence- (AI-) enabled digital threat protection, reported last week that the mobile ecosystem is reeking with hard-coded API keys: Keys that should never be exposed in endpoint apps. Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
V-SThe Cyber Post, https://thecyberpost.com/news/vulnerabilities/payment-api-bungling-exposes-millions-of-users-payment-data/
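Both the Razorpay entry (23.9.) and the CloudSEK entry above come down to the same defect: a payment key ID and key secret pasted into client-side source. The following added example is not CloudSEK's or Razorpay's tooling; it is a small scanner that walks source text (here three constructed files, including one decompiled-style Java class and one bundled JSON asset) and reports Razorpay-style key IDs, which carry a `rzp_test_`/`rzp_live_` prefix, and secrets, which are opaque and so are caught by context: a secret-like identifier assigned a long string literal. The file names and key values are made up.

```python
import re
from typing import Dict, List, Tuple

# Key IDs have a recognisable prefix; secrets do not, so they are found by context.
KEY_ID_RE = re.compile(r"\brzp_(?:live|test)_[A-Za-z0-9]{10,}\b")
SECRET_RE = re.compile(
    r"""(?i)\b\w*(?:secret|api_?key|key_?secret)\w*["']?\s*[:=]\s*["']([A-Za-z0-9_\-]{16,})["']"""
)

Finding = Tuple[str, str, int]  # (kind, value, line number)

# Constructed sample tree; values are placeholders, not real credentials.
SAMPLE_SOURCES: Dict[str, str] = {
    # both halves of the key pair baked into the client
    "app/src/main/java/com/example/pay/Checkout.java": (
        "public class Checkout {\n"
        '    static final String RZP_KEY_ID = "rzp_live_A1b2C3d4E5f6G7";\n'
        '    static final String RZP_KEY_SECRET = "s3cr3tS3cr3tS3cr3tS3cr3t";\n'
        "}\n"
    ),
    # server side: secret read from the environment, only the key id is literal
    "server/payments.py": (
        'KEY_ID = "rzp_test_X9y8Z7w6V5u4T3"\n'
        'KEY_SECRET = os.environ["RAZORPAY_KEY_SECRET"]\n'
    ),
    # secret shipped inside a bundled asset file
    "app/src/main/assets/payment.json": (
        '{"key_id": "rzp_live_Q1w2E3r4T5y6U7", "key_secret": "abcdefghijklmnop1234"}\n'
    ),
}


def find_hardcoded_keys(source: str) -> List[Finding]:
    """Scan one file's text line by line; report key ids and contextual secrets."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in KEY_ID_RE.finditer(line):
            findings.append(("key_id", m.group(0), lineno))
        for m in SECRET_RE.finditer(line):
            findings.append(("key_secret", m.group(1), lineno))
    return findings


def scan_sources(sources: Dict[str, str]) -> Dict[str, List[Finding]]:
    """Map each path that has at least one finding to its findings."""
    report = {}
    for path, text in sources.items():
        hits = find_hardcoded_keys(text)
        if hits:
            report[path] = hits
    return report


def files_leaking_secret(sources: Dict[str, str]) -> List[str]:
    """Paths that embed a secret; a key id alone is used by checkout pages and is
    not by itself the finding, the secret is what lets a third party call the API."""
    return sorted(path for path, hits in scan_sources(sources).items()
                  if any(kind == "key_secret" for kind, _, _ in hits))


if __name__ == "__main__":
    for path, hits in scan_sources(SAMPLE_SOURCES).items():
        for kind, value, lineno in hits:
            print(f"{path}:{lineno}: {kind} {value}")
    print("secret exposed in:", files_leaking_secret(SAMPLE_SOURCES))
```

To run this against a real app, feed it the output of a decompiler such as jadx or apktool (an assumption about workflow, not something the report describes) and treat any `key_secret` hit in client code as a credential to rotate, not merely to remove.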
20.9.HamedThe Alaska health department has shared more information about the cyberattack detected earlier this year. There had been some speculation that it may have been a ransomware attack, but the information shared last week revealed that “there is no indication of this being a ransomware attack” and that instead, it was an attack conducted by a state-sponsored threat actor. Many systems have been shut down following the incident and while some of them have already been restored, others, such as the health department’s website, are still offline. The investigation has revealed that the attacker may have obtained personal information.
C-SSecurityweek, Eduard Kovacs, https://www.securityweek.com/cyberattack-alaska-health-department-linked-state-sponsored-hackers
19.9.
-1
zuiUS customer experience technology giant TTEC has been hit by a cybersecurity attack and is going through a system outage. Business activities at several of the company's major clients have been temporarily disrupted. The attack may have been launched by the prolific Ragnar Locker ransomware group, which has also attacked major companies like Capcom, Campari, energy company EDP, and several shipping giants in China, or by someone trying to impersonate them. Targets of such ransomware attacks are usually organizations with large customer bases relying on their services or product, knowing it hinders business and creates a trickle-down impact on all customers.
A-SThe Cyber Post, https://thecyberpost.com/news/security/ttec-hit-with-ransomware-attack-hampering-work-for-major-clients/
18.9.HamedSouth Africa's Justice Department was hit earlier this month by a major ransomware attack and has been struggling since then to get back to normal. The attack was carried out on the 6th of September 2021, after ransomware compromised the department's entire information systems. It restricted internal staff and the public from accessing any technological services. The Department of Justice could not identify the cybercriminals behind the attack. Hackers and ransomware organizations frequently take data before an information system is encrypted. This compels victims to pay an enormous ransom fee for fear of the information being leaked publicly.
A-SEHackingNews, https://www.ehackingnews.com/2021/09/south-africas-department-of-justice-hit.html
18.9.shidaHackers briefly disrupted the website of the authority running Germany's September 26 general election, according to a spokesperson for the organization. The spokesperson stated that at the end of August, the website of the Federal Returning Officer had only limited accessibility for a few minutes due to a malfunction. The problem was analyzed and the technical concepts were further developed accordingly. The information for the public through the website of the Federal Returning Officer was ensured.
C-OCyber Safe, German Election body hit by a cyber-attack, Priyanka R, https://www.cybersafe.news/german-election-body-hit-by-a-cyber-attack/
17.9.
-1
shidaThe list of vulnerabilities, collectively known as OMIGOD, affects software called Open Management Infrastructure that is automatically deployed in many Azure services. Among them are one remote code execution vulnerability, CVE-2021-38647 (CVSS score: 9.8), and three privilege escalation vulnerabilities: CVE-2021-38648 (CVSS score: 7.8), CVE-2021-38645 (CVSS score: 7.8) and CVE-2021-38649 (CVSS score: 7.0). Azure customers on Linux machines running one of the services such as Azure Automation, Azure Automatic Update, Azure Operations Management Suite (OMS), Azure Log Analytics, Azure Configuration Management, and Azure Diagnostics are all at risk. [Vietnamese]
V-sWhiteHat, Detected critical vulnerability in Azure application secretly installed by Microsoft on Linux VM, https://whitehat.vn/threads/phat-hien-lo-hong-nghiem-trong-trong-ung-dung-azure-duoc-mircrosoft-bi-mat-cai-dat-tren-linux-vm.15257/
17.9.ucheHacktivists affiliated with Anonymous are poring over the entrails of a cyber-attack against controversial web host Epik that led to the leak of customer data. Anonymous hacked and defaced the Epik-hosted Republican Party of Texas site on September 11, following this up with an assault on Epik's infrastructure days later. Masses of stolen data from Epik were subsequently released through the DDoSecrets organization. Hacktivists boasted of releasing a decade's worth of data in databases containing domain ownership records, transaction details, emails, and unsorted (or at least unindexed) encryption keys among the 32GB trove of leaked data.
V-S(i) The Daily Swig (ii) Epik hack exposes lax security practices at controversial web host (iii) https://portswigger.net/daily-swig/epik-hack-exposes-lax-security-practices-at-controversial-web-host
17.9.
-1
HamedLast month the notorious REvil ransomware left its victims with no way to recover their data. Many of those victims can now recover their precious data. Security experts at Bitdefender have created a decryption tool that works against ransomware infections. It all started last month when managed IT services provider Kaseya fell victim to the REvil ransomware. They caught an unbelievably lucky break. Instead of providing a unique key to Kaseya that would only unlock its own files, a REvil coder accidentally generated a master key that could unlock any of its victims’ files.
I-GForbes, Lee Mathews, https://www.forbes.com/sites/leemathews/2021/09/16/revil-ransomware-victims-get-a-reprieve-as-master-decryption-key-is-released/?utm_campaign=sprinklrForbesTechTwitter&utm_content=5497356368&utm_medium=social&utm_source=TWITTER&sh=3779695c5181
17.9.
-1
zuiContinuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue concerns unauthorized access and plunder of secret environment data associated with a public open-source project during the software build process.
A-SThe Hacker News, Ravie Lakshmanan, https://thehackernews.com/2021/09/travis-ci-flaw-exposes-secrets-of.html
16.9.ucheThe UK's armed forces are planning to make significant investments in cybersecurity capabilities and skills over the next few years, according to the country's military leaders. Cyber's status as the "fifth domain" of warfare, alongside sea, land, air and, more recently, space, is forcing defense forces across the West to change how they operate. The UK military, along with other NATO nations, is investing in robotics and autonomous systems, artificial intelligence, computer-based or synthetic training, and what has been called the "military Internet of Things".
I-G(i) The Daily Swig (ii) Cybersecurity News and views (iii) https://portswigger.net/daily-swig/uk-armed-forces-confirms-cyber-as-fifth-dimension-of-warfare
16.9.
-1
HamedThe personal data of around 1.4 million people, who tested for Covid-19 in Ile-de-France in mid-2020, were stolen "following a computer attack", announced Wednesday September 15 the Assistance publique-Hôpitaux de Paris (AP-HP). Apparently, the attack was carried out during the summer and confirmed on September 12. The stolen data include "the identity, social security number and contact details of the people tested", as well as "the identity and contact details of the healthcare professionals taking care of them, the characteristics and the result of the test carried out", but do not contain "any other medical data". [French]
A-gFranceinfo with AFP, https://www.francetvinfo.fr/sante/maladie/coronavirus/vaccin/tests-covid-19-les-hopitaux-de-paris-victimes-d-un-vol-massif-de-donnees-de-sante_4772485.html
15.9.zuiThe U.S. Department of Justice has just disclosed that it fined three former intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. They are accused of "knowingly and willfully combine, conspire, confederate, and agree with each other to commit offenses" by furnishing defense services to persons and entities in that country over a three-year period from December 2015 to November 2019, including developing invasive spyware capable of breaking into mobile devices without any action by the targets.
C-SThe Hacker News, Ravie Lakshmanan, https://thehackernews.com/2021/09/3-former-us-intelligence-officers-admit.html
15.9.HamedA vulnerability has been identified in the Open Management Infrastructure (OMI) component of Microsoft's Azure cloud service. The component is automatically installed on Linux servers, and the flaw allows commands to be executed remotely with the highest possible privileges. The Cyber Security Center recommends that administrators ensure that the OMI component on their Linux-based Azure servers is upgraded to version 1.6.8.1. All servers installed from Azure templates contain that component, regardless of the choices made during installation, unless the component has been intentionally removed from the server. [Finnish]
V-sTraficomin Kyberturvallisuuskeskus, Critical Vulnerability in Microsoft's Azure Cloud Service, https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_28
15.9.HamedAn unsecured database belonging to an apparently recently defunct firm exposed 61 million records of wearable health and fitness device users on the internet, says security researcher Fowler, who discovered the non-password-protected database in cooperation with the WebsitePlanet research team. "The most disturbing part of the discovery was that many of the records contained user data that included first and last name, display name, date of birth, weight, height, gender, geo location, and more," Fowler writes in the report. The data appears to have been gathered by GetHealth.io, a New York City-based company.
A-SHealthcareInfoSecurity, 61M Health IoT Device User Records Exposed, Marianne Kolbasuk McGee, https://www.healthcareinfosecurity.com/researchers-61m-health-iot-device-user-records-exposed-a-17532
14.9.zuiApple issued emergency software updates for a critical vulnerability in its products on Monday after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch or Mac computer without so much as a click.
I-GNicole Perlroth, https://www.nytimes.com/2021/09/13/technology/apple-software-update-spyware-nso-group.html
14.9.zuiFollowing a wave of cyberattacks that has brought added urgency to security issues, the White House last month hosted a cybersecurity summit with CEOs from sectors ranging from tech to insurance. Big tech companies such as Google, Microsoft, IBM, Apple and Amazon have committed to spending billions of dollars on cybersecurity, for example by using and providing more secure tools and software, or by building a skilled workforce in the field of cybersecurity.
I-GCNBC, Lauren Feiner, https://www.cnbc.com/2021/08/25/google-microsoft-plan-to-spend-billions-on-cybersecurity-after-meeting-with-biden.html
14.9.shidaThe most important software on your PC is the web browser. Yes, you may be doing a lot of Photoshop or Premiere work, but where do you find your information? Where do you check and send your emails? In your browser, of course. Google has understood this well, and has even proven that all you need is a web browser: this is the raison d'être of Chromebooks. Microsoft, on the other hand, is pushing its users to switch to the web-based Windows 365 Cloud PC. [French]
I-gZDNET, Publishers are constantly working to improve the performance and speed of their browsers. But how to measure them?, Steven J. Vaughan-Nichols, https://www.zdnet.fr/guide-achat/quels-outils-pour-mesurer-la-rapidite-des-navigateurs-web-39929137.htm
14.9.HamedApple has issued a software patch to block so-called "zero-click" spyware that could infect iPhones and iPads. Independent researchers identified the flaw, which lets hackers access devices through the iMessage service even if users do not click on a link or file. The researchers said that the previously unknown vulnerability affected all major Apple devices, including iPhones, Macs and Apple Watches. Apple said in a blog post that it had issued the iOS 14.8 and iPadOS 14.8 software patches after it became aware of a report that the flaw "may have been actively exploited".
V-GBBC News, https://www.bbc.com/news/business-58540936
14.9.HamedMikroTik confirms that the Mēris botnet targets routers compromised years ago. Capable of launching record-breaking distributed denial-of-service (DDoS) attacks, the botnet has only been around for several months, but security researchers believe it already has more than 200,000 bots. Overall, however, more than 328,000 routers are potentially at risk. The vast majority of the vulnerable devices run a stable firmware release older than the latest one, and they are in fact routers that were previously compromised in 2018.
V-S(i) SecurityWeek, (ii) Ionut Arghire, (iii) https://www.securityweek.com/mikrotik-confirms-m%C4%93ris-botnet-targets-routers-compromised-years-ago
14.9.
-1
HamedGoogle on Monday released security updates for the Chrome web browser to address a total of 11 security issues, two of which it says are zero-days actively exploited in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out-of-bounds write in the V8 JavaScript engine and a use-after-free flaw in the IndexedDB API, respectively. The company said it's "aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild" without sharing additional specifics. Chrome users are advised to update to the latest version (93.0.4577.82) to mitigate the risk associated with the flaws.
V-Shttps://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html
14.9.
-1
shidaExperts have discovered a vulnerability in Outlook. Criminals can use it to pose as one of a user's contacts, deceiving users with look-alike letters in internationalized domain names (IDNs) so that they believe the emails come from real contacts. Microsoft later replied to the expert, stating that it has reviewed the case. It also pointed out that without a digital signature the identity of a sender is untrustworthy in any case. Users are therefore reminded to be cautious of similar phishing emails. [Chinese]
V-sCybersechub.hk, [Network Security] Microsoft Outlook has security loopholes. Hackers can imitate contacts and send phishing emails to users, https://www.cybersechub.hk/en/post/1301
13.9.
-1
shidaThe tech giants' focus on end-to-end encryption was making it "impossible in some cases" for the police to do their jobs, Dame Cressida Dick wrote in the Telegraph on Saturday. On Wednesday, Home Secretary Priti Patel launched a new fund for technologies to keep children safe. She also called on tech firms to put user safety before profits.
O-GBBC News, Cressida Dick: Tech giants make it impossible to stop terrorists, Mary-Ann Russon, https://www.bbc.com/news/business-58537599
13.9.zuiPoly Network, a cryptocurrency network with the goal of realizing interoperability between multiple chains, was hacked last month, resulting in $600 million worth of stolen crypto assets. Even though the hacker has already decided to "quit the show" by returning most of the assets to the company, the incident reminds us of the risks of investing in cryptocurrency. For example, its immutability property prevents fraud to a great extent (if done correctly), yet at the same time makes retrieving lost assets a nearly impossible task.
V-GNextAdvisor, "Poly Network Hacker Returns Stolen Crypto. Here’s What Investors Should Know", Kendall Little, https://time.com/nextadvisor/investing/cryptocurrency/poly-network-hack/
13.9.ucheAn Ontario man has been sentenced to more than 11 years in jail for conspiring to launder millions of dollars, including the proceeds of a massive online banking theft by North Korean cybercriminals. Ghaleb Alaumary, 36, a dual Canadian and US national, was sentenced to 140 months in US federal prison and ordered to pay more than $30 million in restitution to victims after pleading guilty to two counts of conspiracy to commit money laundering. He must also serve three years of supervised release after completing his prison sentence, according to the US Department of Justice (DoJ).
C-g(i) The Daily Swig (ii) https://portswigger.net/daily-swig/fraudster-handed-11-year-prison-term-for-role-in-north-korean-cybercrime-operation
12.9.JustASinnerA student, who used the messaging feature available in most UPI apps to make fake payments and con shop owners, was caught after being traced through his mobile number. The culprit conned smaller shops, for tea and coffee and "purchased" a camera worth Rs 42,000 and jewelry for over Rs 100,000 before being apprehended.
C-GThe Indian Express, https://indianexpress.com/article/cities/bangalore/engineering-student-who-faked-upi-payments-nabbed-in-bengaluru-7503714/
11.9.
-1
NendaA huge cyber attack on Yandex took place in August and September. According to Yandex, it was the biggest distributed denial-of-service (DDoS) attack in the history of the internet. The attack was carried out by sending a myriad of requests that generated a large amount of traffic to Yandex's servers. The attacks started in August and gradually grew in size, peaking on 5 September.
A-GReuters, Alexander Marrow and Gleb Stolyarov, https://www.reuters.com/technology/russias-yandex-says-it-repelled-biggest-ddos-attack-history-2021-09-09/
11.9.shidaThe cybersecurity researchers at Cybernews have identified that over 2 million web servers are powered by outdated and vulnerable versions of Microsoft Internet Information Services (IIS). According to the experts, Microsoft no longer supports these legacy IIS versions, so threat actors can easily compromise them to inject all kinds of malware.
O-OCybersecurity News, Over 2 Million Web Servers Worldwide Running Vulnerable Legacy Microsoft Web Servers, Guru, https://cybersecuritynews.com/2-million-web-servers-worldwide/
11.9.shidaThe Investigative Committee of Russia (TFR), the FSB and the police have detained a resident of Izhevsk, Sergei Magdanov, who is suspected of creating an online platform for ordering murders. It was hosted on the darknet, and weapons and ammunition were also sold there, Kommersant reports. The Basmanny Court of Moscow has already received a petition from the TFR to arrest Magdanov. According to the investigators, clients were literally "flowing in". Law enforcement agencies continue to establish new episodes of the case. [Russian]
I-gMoscow Daily News, The Investigative Committee found a platform for ordering murders on the darknet. According to investigators, clients were "flowing", https://www.mn.ru/smart/sledstvennyj-komitet-nashel-v-darknete-ploshhadku-dlya-zakazov-ubijstv-po-versii-organov-oni-shli-potokom
10.9.ucheHackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices. Network security solutions provider Fortinet confirmed that a malicious actor had disclosed, without authorization, VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday.
A-s(i) The Hacker News (ii) https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html
10.9.
-1
ucheMicrosoft sets Nov. 1 deadline for shutting off old Outlook clients from 365 services. Microsoft has reminded commercial customers using older versions of Outlook that they have two months to upgrade before they are cut off from the company's Microsoft 365 and Office 365 services. After November 1, 2021, only Outlook 2013 Service Pack 1 (with the latest fixes) and later will be able to connect to Microsoft 365 services. Affected editions include Office 2007, which is out of all support; Office 2010, which was to exit support on the same Oct. 13 date; and Office 2013, which will receive support until April 2023.
C-g(i) ComputerWorld (ii) https://www.computerworld.com/article/3632129/microsoft-sets-nov-1-deadline-for-shutting-off-old-outlook-clients-from-365-services.html
10.9.skylarkA Russian "ransomware as a service" (RaaS) group, REvil, has returned and its dark web portals have come back online. REvil was responsible, among others, for the attack on meat producer JBS in late May and an attack on the technology services provider Kaseya on July 4th.
A-SThe Hacker News, Ravie Lakshmanan, https://thehackernews.com/2021/09/russian-ransomware-group-revil-back.html
9.9.shidaNetwork security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday.
A-SThe Hacker News, Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices, Ravie Lakshmanan, https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html
9.9.NendaThe first cyber security standard for cars, ISO/SAE 21434, has been published. Following the standard, all OEM manufacturers and their supply chains will have to design their components, servers and processes more securely. This is important news because from mid-2022 all car companies in Europe, Japan and Korea are required to comply with it; that is one third of global car production. [Finnish]
I-gETN, "Autoille tuli kyberturvastandardi", https://etn.fi/index.php/13-news/12541-autoille-tuli-kyberturvastandardi
9.9.ucheA critical security vulnerability allowing attackers to perform cross-account container takeover in Microsoft’s public cloud, dubbed “Azurescape”, has been uncovered by researchers. A malicious Azure user could have exploited these issues to execute code on other users’ containers, steal customer secrets and images deployed to the platform, and possibly abuse the infrastructure of Azure Container Instances (ACI) for crypto mining. Microsoft has rolled out a patch to ACI, but users should revoke any privileged credentials that were deployed to the platform before Aug. 31 to avoid compromise. They should also review access logs for any irregularities, Unit 42 recommended.
V-S(i) Threatpost (ii) https://threatpost.com/azurescape-kubernetes-attack-container-cloud-compromise/169319/
9.9.ucheAttackers have been targeting the Kurdish ethnic group for more than a year through a Facebook-based spyware campaign that disguises backdoors in legitimate Android apps. A group called BladeHawk is behind the campaign, discovered by researchers from cybersecurity firm ESET and active since at least March 2020, according to a report published this week. The campaign disguises the 888 RAT in Android apps using dedicated Facebook profiles, the researchers said. Researchers identified six profiles as part of the BladeHawk campaign, which has been sharing the Android spying apps and targeted about 11,000 followers through 28 unique posts.
O-O(i) Threatpost (ii) https://threatpost.com/bladehawk-attackers-kurds-android/169300/
9.9.
-1
shidaHoward University in Washington D.C. was hit with a major ransomware attack, which forced the historically Black university to cancel classes and likely heralds a coming barrage of similar attacks against universities and K-12 institutions as the school year kicks off.
V-GThe Washington Post, The Cybersecurity 202: Ransomware threats barrel back after a slow Labor Day, Aaron Schaffer, https://www.washingtonpost.com/politics/2021/09/08/cybersecurity-202-ransomware-threats-barrel-back-after-slow-labor-day/
8.9.NendaAn MSHTML remote code execution vulnerability, CVE-2021-40444, was disclosed today. It has a severity score of 8.8 out of 10. It is being actively exploited against Office 365 and Office 2019 on Windows 10. The attacker convinces the user to open a Microsoft Office document; opening it loads Internet Explorer's rendering engine and fetches the malicious content from which the malware is then downloaded. Users whose accounts have fewer rights on the computer are less exposed to this risk. There is said to be no complete fix yet, but Microsoft's advisory offers some workarounds. [Finnish]
V-sMikrobitti, Windowsin vakava nollapäivähaavoittuvuus hakkereiden aseena – paikkaa ei ole, Microsoft tarjoaa purkkaa reikään, Jori Virtanen, https://www.mikrobitti.fi/uutiset/mb/51ec9cc0-da32-4558-8706-6da342feae0e?ref=ampparit:8afd
8.9.
-1
skylarkThe German government admitted Tuesday that its federal police service (BKA) used controversial Israeli spyware known as Pegasus. The German parliamentary sources claimed Pegasus was only used "in a small number of cases". Germany's strict privacy laws only allow for data harvesting under very specific conditions, which led the BKA to buy a version of the software in which some spy functions were switched off.
A-Ssecurityweek, AFP, https://www.securityweek.com/germany-admits-police-used-controversial-pegasus-spyware
6.9.shidaA school teacher was duped of Rs 83,000 after she was lured with a job offer at an education-tech company on August 30. The 38-year-old teacher from Borivli transferred the money to different bank accounts after receiving a call from a job portal and being asked to make a payment to secure the job.
C-sThe Times of India, Mumbai: Teacher pays Rs 83,000 for lesson in cyber fraud, http://timesofindia.indiatimes.com/articleshow/85963166.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst
6.9.NendaCybercriminals have been targeting IoT devices because smart devices such as smartwatches and other smart home accessories are more commonly used nowadays. The attackers are interested in stealing data and mining cryptocurrencies. One problem is that personal devices are connected to corporate networks. Many IoT devices also have weak or default passwords, which makes brute-forcing easier for the attackers. These attacks are still preventable: people should keep their devices' firmware updated, change default passwords and reboot devices when they behave strangely.
V-Sthreatpost, "IoT Attacks Skyrocket, Doubling in 6 Months", Tara Seals, https://threatpost.com/iot-attacks-doubling/169224/
5.9.shidaDelhi Police has busted an interstate gang of cyber thugs operating fake websites in the name of several reputed brands. The gang cheated identified businessmen by offering them dealerships. The police have arrested four gang members and sealed 117 bank accounts. The gang is linked to cyber fraud incidents in 16 states. [Hindi]
I-gAmarujala, Gang running fake websites busted, four arrested, 117 bank accounts sealed, Prachi Priyam, https://www.amarujala.com/delhi/delhi-police-busts-an-interstate-gang-of-cyber-cheats-for-operating-multiple-fake-websites-of-iconic-brands?src=top-lead-home-13
5.9.ucheThe Dallas Independent School District (Dallas ISD) has disclosed a data breach exposing sensitive personal data belonging to students and employees enrolled or employed since 2010. “An unauthorized third party accessed our network, downloaded data, and temporarily stored it on an encrypted cloud storage site.” Impacted parties include students, with their parents or guardians, and employees and contractors who have been enrolled or employed by the organization since 2010. Stolen data belonging to employees or contractors included first and last names, addresses, phone numbers, Social Security numbers, dates of birth, dates of employment, salary information, and reasons for ending employment.
A-S(i) The Daily Swig (cybersecurity news and views) (ii) https://portswigger.net/daily-swig/dallas-independent-school-district-reports-data-breach-impacting-current-and-former-students-staff
4.9.
-1
shidaThousands of New Zealanders' Friday afternoon workflow was interrupted today when their internet connection cut out due to a cyber attack on a main internet provider. Internet infrastructure provider Vocus - which operates Orcon, Slingshot, Flip, and Stuff Fibre internet connections - was hit with a DDoS attack which took its internet down for about 30 minutes just after 1pm this afternoon. In a statement on its website, Vocus confirmed the issue was related to a DDoS attack.
A-GRNZ, Kiwis' lockdown Friday workday disrupted by cyber attack, Jean Bell, https://www.rnz.co.nz/news/national/450714/kiwis-lockdown-friday-workday-disrupted-by-cyber-attack
4.9.
-1
shidaAutodesk, a software company that makes CAD software for manufacturing, has confirmed it was targeted as part of the SolarWinds supply-chain attack last year. In an SEC filing Autodesk said that it identified a compromised server and immediately took steps to contain and remediate the incident. "While we believe that no customer operations or Autodesk products were disrupted as a result of this attack, other, similar attacks could have a significant negative impact on our systems and operations," the company said.
A-Scybersecurity-help, Autodesk admits it was victim of the SolarWinds supply-chain attack, https://www.cybersecurity-help.cz/blog/2295.html
3.9.
-1
skylarkA university research group has identified 16 new vulnerabilities that affect commercial Bluetooth Classic (BT) stacks. The number of affected devices is estimated to be in the millions, using chips from manufacturers such as Intel, Qualcomm and Texas Instruments. The vulnerabilities allow denial-of-service attacks and can ultimately lead to arbitrary code execution.
V-Ssecurityweek, Ionut Arghire, https://www.securityweek.com/braktooth-new-bluetooth-vulnerabilities-could-affect-millions-devices
3.9.shidaSeveral zero-day vulnerabilities in a home baby monitor could be exploited to give hackers access to the camera feed and to plant unauthorized code such as malware. The security flaws in the IoT devices, which are manufactured by China-based vendor Victure, were discovered by researchers from Bitdefender. In a security advisory (PDF), Bitdefender detailed how a stack-based buffer overflow vulnerability in the ONVIF server component of Victure’s PC420 smart camera allowed an attacker to execute remote code on the target device.
V-SThe Daily Swig, Zero-day flaws in IoT baby monitors could give attackers access to camera feeds, Jessica Haworth, https://portswigger.net/daily-swig/zero-day-flaws-in-iot-baby-monitors-could-give-attackers-access-to-camera-feeds
2.9.
-1
skylarkA flaw was found in Quebec's vaccine passport app's QR code verification. A group of hackers claimed to have been able to obtain the QR codes for Canadian politicians. Another party showed it was easy to fool the app to give proof of vaccination for a fake person. A patch has since been issued fixing publicly known issues.
V-Shttps://www.itworldcanada.com/article/flaw-found-in-the-implementation-of-quebec-covid-passport-apps-verification-method/457751
1.9.
-1
ucheThe Central Bank of Nigeria has announced the formal engagement of the global fintech company Bitt Inc. as the technical partner for its digital currency, eNaira. In choosing Bitt Inc., the CBN relied on the company’s tested and proven digital currency experience, which is already in circulation in several Eastern Caribbean countries. Bitt Inc. was key to the development and successful launch of the Eastern Caribbean Central Bank's (ECCB) central bank digital currency (CBDC) pilot in April 2021.
I-G(i) The Punch Newspaper (ii) CBN states transfer limits as E-Naira begins October 1st (iii) https://punchng.com/cbn-states-transfer-limits-as-e-naira-begins-oct-1/