Security News

  • The Next Web
  • The Hackers News
  • Naked Security
  • HelpNet Security
  • Security Week
  • Threat Post
  • Security Affairs
  • IT World Canada
  • Fire Eye
  • Tech Channel
What size iPad Pro should you buy?

Last year, I decided I needed an iPad Pro. But there was one issue I struggled with when making my choice: what size iPad Pro should I buy? Strangely, I found a few articles that touched on this topic, but nothing that fully sated me. So, I vowed to right that wrong — and that’s what this article is all about. My goal is simple: to provide a useful guide on choosing the right size iPad Pro for you. This is a mission I’m so passionate about, that I’ve also put together a video all about the topic. You can watch [...]

Amazon denies it’ll accept crypto, Bitcoin swiftly drops

Amazon on Monday denied a media report that the company plans to accept Bitcoin payments by the end of the year. Speculation had been mounting about the e-commerce giant’s crypto strategy. The rumors started swirling last week after the company posted a job ad for a “Digital Currency and Blockchain Product Lead.” They gathered pace on Sunday when UK-based news outlet City AM cited an unnamed insider as saying the retailer will take Bitcoin payments “by the end of the year” and plans to launch its own token in 2022. The digital currency then briefly surged above $39,000, its highest [...]

Spotify will now notify you immediately about new releases

When music streaming apps started offering their services in India, Rdio (RIP) was my top choice because it offered a list of new releases with multiple filters. This helped me keep track of new albums from artists that I loved. Now, Spotify is rolling out a similar feature that will help you keep track of all the new releases from your favorite artists. This feature, called What’s New, is accessible on your home screen via a bell icon. If there’s new content in your What’s New feed, you’ll see a blue dot on top of the bell icon. When you [...]

The 8 best and worst decisions I made in my first year as a CMO

On average, CMOs have 40 months to prove their effectiveness. When it comes to startups, the figure is half that: you either bring explosive growth or get replaced. CMOs in SaaS companies must understand both the market and the audience, shape positioning, and support unit economics. They are also responsible for brand awareness, acquisition and retention, product launches, customer loyalty, and about a million other things. The story of Admixer’s marketing department is an unconventional one: I had to staff a team of 17 people for a mature adtech company from scratch. We had a year to relaunch the marketing [...]

Intel will shake chips up by building Qualcomm’s future processors

I’ve always thought of Qualcomm as one of Intel’s biggest rivals, what with its dominance of the non-Apple mobile market and its increasing presence in the PC space. But as it turns out, the companies are teaming up in a major new partnership for the years to come: Intel will manufacture future Qualcomm chips. Things can get a little confusing in the semiconductor world. While many companies design chips, not all of them actually manufacture their own hardware. Qualcomm, for instance, has had its Snapdragon processors made by both Samsung and TSMC. It’s a similar story for Apple. While Intel has [...]

Lying, corrupt, anti-American cops are running amok with AI

Hundreds of thousands of law enforcement agents in the US have the authority to use blackbox AI to conduct unethical surveillance, generate evidence, and circumvent our Fourth Amendment protections. And there’s little reason to believe anyone’s going to do anything about it. The problem is that blackbox AI systems are a goldmine for startups, big tech, and politicians. And, since the general public is ignorant about what they do or how they’re being used, law enforcement agencies have carte blanche to do whatever they want. Let’s start with the individual officers. Any cop, regardless of affiliation or status, has access to dozens [...]

Watch a basketball robot show NBA stars how to shoot

As the US men’s basketball team limped to a first Olympics loss since 2004, a robot gave them a lesson in elite-level shooting. The six-foot-ten machine rolled onto the court during half-time of the US’ defeat to France and started swishing jump shots like a red-hot Steph Curry. Known as CUE, the droid was developed by Toyota engineers as a demonstration of machine learning. The bot uses inbuilt sensors and 3D mapping to locate the basket. Algorithms then calculate the optimum trajectory for the balls. Finally, motors in CUE’s arms and legs generate the power and accuracy required to find the [...]

Study: Almost half of dating app users trust AI to find them a match

Almost half of dating app users would trust AI to find them a match, according to new research from cybersecurity firm Kaspersky. Their trust could put them in danger, however. Kaspersky also warned that many dating apps have major privacy risks. Up front: The mass adoption of dating apps means people now find potential partners through algorithmic recommendations. To investigate the tech’s effect on relationships, Kaspersky commissioned Sapio to survey more than 18,000 dating app users from six continents. The majority of respondents perceived the impact positively. Some 44% said they’d trust the matchmaking choice of AI, and 64% felt the [...]

Leak: Microsoft’s Surface Duo 2 is shaping up to be a phone you might actually want

Microsoft’s Surface Duo was an awesome idea with unfortunate execution. I can personally see the use for a dual-screen phone without the durability concerns of a flexible screen, but reviewers found the device to be too weak, too expensive, and too buggy at launch to be worth recommending to most people. But perhaps one of its biggest sins was the lack of a competitive camera. There was no camera on the outside of the device, and users were stuck using the middling 11MP selfie cam for all their photos. The Surface Duo 2 appears to change that in a big way, [...]

Indiana is testing magnetizable concrete for wireless EV charging

Wireless charging might well be the next big revelation in EV infrastructure, and the state of Indiana is the latest to try it out. The Indiana Department of Transportation (INDOT) and Purdue University have announced their plan to integrate wireless charging into the state’s highways thanks to a special magnetizable concrete, called “magment.” Developed by the homonymous German firm Magment, this concrete product consists of cement and recycled magnetic particles. As per the company, the concrete medium has “record-breaking wireless transmission efficiency… up to 95%,” and “standard road-building installation costs,” while “enabling universal charging,” among other uses. The project will be implemented [...]

BIMI: A Visual Take on Email Authentication and Security

There is a saying that goes something like, "Do not judge a book by its cover." Yet, we all know we cannot help but do just that, especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to quickly identify [...]

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fix a memory [...]

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The issue, dubbed "PetitPotam," was discovered by security researcher Gilles Lionel, who shared [...]

Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the [...]

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack. Attackers can exploit this vulnerability to obtain hashed passwords [...]

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. "LemonDuck, an actively updated and robust malware that's primarily known [...]

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

A malware known for targeting the macOS operating system has been updated once again to add more features to its toolset that allow it to amass and exfiltrate sensitive data stored in a variety of apps, including Google Chrome and Telegram, as part of further "refinements in its tactics." XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual [...]

Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring

Law enforcement authorities in the Netherlands have arrested two individuals allegedly belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation. The apprehended suspects, a 24-year-old software engineer and a 15-year-old boy, are said to have been [...]

Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code

After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies. This comes as no [...]

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent [...]

APT Hackers Distributed Android Trojan via Syrian e-Government Portal

An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu [...]

Reduce End-User Password Change Frustrations

Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges. This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions. One of the most common areas where security may cause challenges for [...]

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without [...]

Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam

A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O'Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish [...]

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple's macOS operating system. The upgraded malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, capture screenshots, record keystrokes, and [...]

US and Global Allies Accuse China of Massive Microsoft Exchange Attack

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews affiliated with the People's Republic of China's Ministry of State Security (MSS). In a statement issued by the White House on Monday, the administration said, "with a high degree of [...]

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely

The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any [...]

Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks. "Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT [...]

Several New Critical Flaws Affect CODESYS Industrial Automation Software

Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely [...]

New Windows and Linux Flaws Give Attackers Highest System Privileges

Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions to access Windows system files, in turn enabling them to unmask the operating system installation password and even decrypt private keys. The vulnerability has been nicknamed "SeriousSAM." "Starting with Windows 10 [...]

[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams

Today’s cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can’t prevent these attacks from happening, what can lean security teams look forward to? Surprisingly, leaner teams have a much greater chance than [...]

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers

Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of [...]

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign. "The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers [...]

Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to [...]

Five Critical Password Security Rules Your Employees Are Ignoring

According to Keeper Security's Workplace Password Malpractice Report, many remote workers aren't following best practices for password security. Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security's Workplace Password Malpractice Report sought to find out. In February 2021, Keeper surveyed 1,000 employees in the U.S. [...]

Windows “PetitPotam” network attack – how to protect against it

A cute name but an annoying and potentially damaging attack. Here's what to do. [...]

US court gets UK Twitter hack suspect arrested in Spain

O, what a tangled web we weave/When first we practise to deceive! [...]

Windows “HiveNightmare” bug could leak passwords – here’s what to do!

Windows "hives" contain registry data, some of it secret. The nightmare is that these files aren't properly protected against snooping. [...]

Apple iPhone patches are out – no news if recent Wi-Fi bug is fixed

Remember that weird iPhone Wi-Fi bug from a week or so ago? Let's hope this update patches it! [...]

More PrintNightmare: “We TOLD you not to turn the Print Spooler back on!”

The PrintNightmare continues. So does our advice, even though it stops your printer working. [...]

Want to earn $10 million? Snitch on a cybercrook!

Will going after the big guns help to discourage and disrupt the rest of the cybercrime ecosystem? Have your say... [...]

The Code Red worm 20 years on – what have we learned?

"It was 20 years ago today..." that we learned a few lessons that are well worth revisiting! [...]

Home delivery scams get smarter – don’t get caught out

We've said it before, and we'll say it again: don't be in too much of a hurry for those home deliveries you're expecting! [...]

IBM z/OS V2.5 strengthens security and drives app modernization projects

IBM announced IBM z/OS V2.5, the next-generation operating system (OS) for IBM Z, designed to accelerate client adoption of hybrid cloud and AI and drive application modernization projects. According to an IBM Institute for Business Value study “Application modernization on the mainframe” released today, 71% of executives surveyed say mainframe-based applications are central to their business strategy; and in three years, the percentage of organizations leveraging mainframe assets in a hybrid cloud environment is expected [...]

How to prevent corporate credentials ending up on the dark web

A little over $3,000 — that’s how much stolen corporate network credentials tend to go for on the dark web. Although the exact asking price for an individual’s credentials may depend on several factors, like how much revenue their enterprise makes, particularly valuable organizations may even see their login details auctioned off for as much as $120,000. While a successful ransomware attack is capable of fetching cybercriminals almost 10 times as much in ransom, even [...]

36% of organizations suffered a serious cloud security data leak or a breach in the past year

As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks—and the costs of addressing them—are increasing. The findings are part of the State of Cloud Security 2021 survey conducted by Fugue and Sonatype.

Serious cloud security data leak

The survey of 300 cloud pros (including cloud engineers; security engineers; DevOps; architects) found that 36% of organizations suffered a serious cloud security data leak or a breach in [...]

Turning the tide on surging account takeovers in the media industry

Account takeovers (ATOs) are on the rise, fueled by the widespread use of automated bots. The media industry, which includes social networks, content streaming, gambling, gaming, and online dating sites, is seeing attacks on new account creation processes at a higher rate than any other industry in the second half of 2020, according to a recent report by LexisNexis Risk Solutions. Fraudsters often test stolen identity data via media organizations. The media industry recorded significant [...]

Product showcase: ManageEngine Vulnerability Manager Plus

Software and hardware vulnerabilities are an ever-present threat to every enterprise. In response to the tedious and time-consuming processes often associated with traditional vulnerability management, enterprise IT administrators have started looking for better alternatives that can integrate with their existing IT management framework. In this product showcase, we bring to you Vulnerability Manager Plus from ManageEngine. Vulnerability Manager Plus is an enterprise security program that can be used as a stand-alone tool as well as [...]

CISOs operating blind, with limited visibility and control

An overwhelming percentage (75%) of CISOs consider their organization to be at greater risk of a cybersecurity attack due to the transition to home working, with a third admitting they’ve taken their eye off the ball during these past 12 months, losing track of leavers and devices, according to a new survey from BlueFort Security, a provider of cybersecurity solutions. The study, which surveyed 600 CISOs from a variety of UK organizations, found that the [...]

Consumer attitudes towards various digital identity authentication methods

With concerns around online fraud and identity theft rising, consumers expect businesses to utilize new technologies to protect them online. According to research from Trulioo, 84% of people believe that businesses will need to rely more on automated fraud protection to protect customers as fraudsters become more sophisticated. The research revealed positive attitudes towards a number of newer methods of identity authentication amongst consumers in China, the UK and the U.S. Almost three quarters (74%) [...]

Consumer expectations of digital services increased since early 2020

Consumer reliance on applications and digital services has soared since the start of the COVID-19 pandemic. A new global study by Cisco AppDynamics, which examined the digital behaviors of more than 13,000 global consumers, also identified that consumers now have a zero-tolerance policy for poor application experience and automatically place blame on the application and brand, no matter where a performance issue stems from.

Consumers and the reliance on digital services

Since the start of 2020, [...]

Bosch provides conferencing and interpretation equipment for high-profile meetings

Congress Rental Network Partner, Smart Choice Audiovisuais, has installed a large Dicentis conferencing and interpretation system at Centro Cultural de Belém, the Portuguese EU Presidency Headquarters in Lisbon. A total of 70 Dicentis and 50 Dicentis Wireless Discussion devices with touchscreens provide the main input. The solution can be used to deliver in-person meetings at the venue, as well as remote and hybrid meetings to overcome the challenges presented by the COVID-19 pandemic. The core [...]

Blue Hexagon integrates with AWS Network Firewall to offer protection against unknown cloud threats

Blue Hexagon announced the native integration of Blue Hexagon’s real-time deep learning based threat detection with AWS Network Firewall for real-time protection. This integration provides protection against known threats, variants of known threats, as well as unknown 0-day threats for which no signatures exist. As a cloud security platform for actionable visibility, real-time threat defense and continuous compliance, this integration underscores Blue Hexagon’s commitment to delivering innovative solutions to the AWS customers who need to [...]

Judge: Ex-CIA Worker Can Represent Himself in Espionage Case

A former CIA software engineer can represent himself at his upcoming retrial on espionage charges, a judge said Monday. [...]

Apple Patches 'Actively Exploited' Mac, iOS Security Flaw

Apple on Monday released a major security update with fixes for a security defect the company says “may have been actively exploited” to plant malware on macOS and iOS devices. [...]

Firefox 90 Drops Support for FTP Protocol

Mozilla has completely removed support for the File Transfer Protocol (FTP) from the latest release of its flagship Firefox web browser. [...]

No More Ransom: We Prevented Ransomware Operators From Earning $1 Billion

No More Ransom is celebrating its 5th anniversary and the project says it has helped more than 6 million ransomware victims recover their files and prevented cybercriminals from earning roughly $1 billion. [...]

Amnesty Urges Moratorium on Surveillance Technology in Pegasus Scandal

Allegations that governments used phone malware supplied by an Israeli firm to spy on journalists, activists and heads of state have "exposed a global human rights crisis," Amnesty International said, asking for a moratorium on the sale and use of surveillance technology. [...]

What We Learn from MITRE's Most Dangerous Software Weaknesses List

A look into MITRE's 2021 CWE Top 25 Most Dangerous Software Weaknesses. [...]

'Holy Moly!': Inside Texas' Fight Against a Ransomware Hack

It was the start of a steamy Friday two Augusts ago when Jason Whisler settled in for a working breakfast at the Coffee Ranch restaurant in the Texas Panhandle city of Borger. The most pressing agenda item for city officials that morning: planning for a country music concert and anniversary event. [...]

Leading Threat to Industrial Security is Not What You Think

As attackers become more sophisticated, so do their attacks. This in turn exposes threat vectors that once were thought to be well protected, or at least not interesting enough to attack. Nowhere is this truer than in industrial control systems (ICS) environments. [...]

GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies

GitLab last week announced the release of a new open source tool designed to help software developers identify malicious code in their projects’ dependencies. [...]

Enterprises Warned of New PetitPotam Attack Exposing Windows Domains

Enterprises have been warned of a new attack method that can be used by malicious actors to take complete control of a Windows domain. [...]

Threat Actors Target Kubernetes Clusters via Argo Workflows

Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer. [...]

House Passes Several Critical Infrastructure Cybersecurity Bills

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments. [...]

TikTok fined €750,000 for Violating Children's Privacy

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) announced Thursday that it has imposed a fine of €750,000 on TikTok “for violating the privacy of young children”. More specifically, TikTok failed to provide a privacy statement in the Dutch language, making it difficult for young children to understand what would happen to their data. [...]

Dutch Police Arrest Alleged Member of 'Fraud Family' Cybercrime Gang

Authorities in the Netherlands have arrested a 24-year-old believed to be a developer of phishing frameworks for a cybercrime ring named “Fraud Family.” [...]

Cyber Risk Management Firm Safe Security Raises $33 Million

Cyber risk measurement and mitigation platform provider Safe Security this week announced that it has received a $33 million strategic investment led by BT Group. The funds, Safe Security says, will be used to double the size of its engineering team, as well as to increase the company’s spending on research and development. [...]

Industrial Cybersecurity Firm SynSaber Launches With $2.5M in Seed Funding

SynSaber, a new industrial cybersecurity company, announced its launch this week with $2.5 million in seed funding from SYN Ventures, Rally Ventures and Cyber Mentor Fund. [...]

Estonian Botnet Operator Pleads Guilty in U.S. Court

An Estonian national has pleaded guilty in a United States court to two counts of computer fraud and abuse over his role in creating and operating a proxy botnet. [...]

Kaseya Obtains Universal Decryptor for Ransomware Attack Victims

IT management software maker Kaseya on Thursday said it obtained a universal decryptor that should allow victims of the recent ransomware attack to recover their files. [...]

Akamai Software Update Triggers Internet Outages

Websites were briefly knocked offline Thursday after a software update triggered a glitch at network specialty firm Akamai. Reports of internet outages from locations around the world spiked at website Downdetector, with US-based Akamai saying some websites were offline for as long as an hour. [...]

Bug Bounty and VDP Platform YesWeHack Raises $18.8 Million

European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million ($18.8 million) round of venture capital financing. read more [...]

Atlassian Patches Critical Vulnerability in Jira Data Center Products

Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products. read more [...]

Google Cloud Unveils New SOC, IDS Solutions

Google Cloud this week announced new security offerings for its customers, including Autonomic Security Operations to improve security operations centers (SOCs) and Cloud Intrusion Detection System (IDS) for network-based threat detection. read more [...]

China-Linked APT31 Abuses Hacked Routers in Attacks, France Warns

The French National Agency for the Security of Information Systems (ANSSI) on Wednesday issued an alert to warn organizations that a threat group tracked as APT31 has been abusing compromised routers in its recent attacks. read more [...]

iOS Security Update Patches Recently Disclosed Wi-Fi Vulnerability

Tens of Vulnerabilities Patched by Apple in macOS and iOS: Apple this week started rolling out security updates for iOS, macOS, iPadOS, watchOS, tvOS, and Safari, to address tens of vulnerabilities, including some that could result in arbitrary code execution. read more [...]

CISA Details Malware Used in Attacks Targeting Pulse Secure Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks. read more [...]

Podcast: IoT Piranhas Are Swarming Industrial Controls

Enormous botnets of IoT devices are going after the decades-old legacy systems that remain widespread in the networks controlling crucial infrastructure. [...]

Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn

A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin. [...]

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Microsoft releases mitigations for an NTLM relay attack that coerces remote Windows systems, including domain controllers, into authenticating to an attacker-controlled host; the coerced authentication is then relayed to other services, such as Active Directory Certificate Services, rather than cracked. [...]

Malware Makers Using ‘Exotic’ Programming Languages

Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection. [...]

The True Impact of Ransomware Attacks

Keeper’s research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations. [...]

Discord CDN and API Abuses Drive Wave of Malware Detections

Targets of Discord malware expand far beyond gamers. [...]

5 Steps to Improving Ransomware Resiliency

Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today. [...]

FIN7’s Liquor Lure Compromises Law Firm with Backdoor

Using a lure relating to a lawsuit against the owner of Jack Daniel's whiskey, the cybergang launched a campaign that may be bent on ransomware deployment. [...]

Kaseya Obtains Universal Decryptor for REvil Ransomware

The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it's unclear if the ransom was paid. [...]

FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics

Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn. [...]

Judge: Ex-CIA Worker Can Represent Himself in Espionage Case

A former CIA software engineer can represent himself at his upcoming retrial on espionage charges, a judge said Monday. read more [...]

Apple Patches 'Actively Exploited' Mac, iOS Security Flaw

Apple on Monday released a major security update with fixes for a security defect the company says “may have been actively exploited” to plant malware on macOS and iOS devices. read more [...]

Firefox 90 Drops Support for FTP Protocol

Mozilla has completely removed support for the File Transfer Protocol (FTP) from the latest release of its flagship Firefox web browser. read more [...]

No More Ransom: We Prevented Ransomware Operators From Earning $1 Billion

No More Ransom is celebrating its 5th anniversary and the project says it has helped more than 6 million ransomware victims recover their files and prevented cybercriminals from earning roughly $1 billion. read more [...]

Amnesty Urges Moratorium on Surveillance Technology in Pegasus Scandal

Allegations that governments used phone malware supplied by an Israeli firm to spy on journalists, activists and heads of state have "exposed a global human rights crisis," Amnesty International said, asking for a moratorium on the sale and use of surveillance technology. read more [...]

What We Learn from MITRE's Most Dangerous Software Weaknesses List

A look into MITRE's 2021 CWE Top 25 Most Dangerous Software Weaknesses read more [...]

'Holy Moly!': Inside Texas' Fight Against a Ransomware Hack

It was the start of a steamy Friday two Augusts ago when Jason Whisler settled in for a working breakfast at the Coffee Ranch restaurant in the Texas Panhandle city of Borger. The most pressing agenda item for city officials that morning: planning for a country music concert and anniversary event. read more [...]

Leading Threat to Industrial Security is Not What You Think

As attackers become more sophisticated, so do their attacks. This in turn exposes threat vectors that once were thought to be well protected, or at least not interesting enough to attack. Nowhere is this truer than in industrial control systems (ICS) environments. read more [...]

GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies

GitLab last week announced the release of a new open source tool designed to help software developers identify malicious code in their projects’ dependencies. read more [...]

Enterprises Warned of New PetitPotam Attack Exposing Windows Domains

Enterprises have been warned of a new attack method that can be used by malicious actors to take complete control of a Windows domain. read more [...]

Threat Actors Target Kubernetes Clusters via Argo Workflows

Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer. read more [...]

House Passes Several Critical Infrastructure Cybersecurity Bills

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments. read more [...]

Hackers flooded the Babuk ransomware gang’s forum with gay porn images

The Babuk ransomware operators seem to have been hit with an extortion demand of their own: threat actors flooded their forum with gay orgy porn images. At the end of June, the Babuk Locker ransomware builder was leaked online, allowing threat actors to use it to create their own version of the popular ransomware. The Babuk Locker operators halted their operations at the end […] The post Hackers flooded the Babuk ransomware gang’s forum with gay porn images appeared first on Security Affairs. [...]

Apple fixes CVE-2021-30807 flaw, the 13th zero-day this year

Apple released a security update that addresses CVE-2021-30807, a flaw in macOS and iOS that may have been actively exploited to plant malware on vulnerable devices. The vulnerability resides in the IOMobileFramebuffer, which is a […] The post Apple fixes CVE-2021-30807 flaw, the 13th zero-day this year appeared first on Security Affairs. [...]

No More Ransom helped ransomware victims to save almost €1B

The No More Ransom initiative celebrates its fifth anniversary: over 6 million victims of ransomware attacks have recovered their files for free, saving almost €1 billion in payments. No More Ransom is celebrating its 5th anniversary; the initiative allowed more than 6 million ransomware victims to recover their files for free, saving almost €1 billion in […] The post No More Ransom helped ransomware victims to save almost €1B appeared first on Security Affairs. [...]

Hiding Malware inside a model of a neural network

Researchers demonstrated how to hide malware inside the parameters of a neural network model (an image classifier) so that it bypasses defensive solutions. Researchers Zhi Wang, Chaoge Liu, and Xiang Cui presented a technique to deliver malware through neural network models that evades detection without noticeably impacting the performance of the network. Tests conducted by the experts […] The post Hiding Malware inside a model of a neural network appeared first on Security Affairs. [...]
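To make the mechanics concrete, here is an added example, written for this page and not the researchers' code, that hides a byte string in the low-order bits of float32 parameters and recovers it. The carrier is a list of pseudo-random floats rather than a trained network, and the payload is a constructed, harmless marker string. The paper's exact choice of how many bytes per parameter to overwrite is not reproduced; this example keeps the sign, exponent and top seven mantissa bits of each float, so every carrier weight moves by less than 2^-7 of its magnitude.

```python
"""Hiding a byte string in the low-order bits of float32 model parameters.

Added example for this page, not the researchers' code. The payload is a
constructed harmless marker and the carrier is pseudo-random floats, not a
trained model. Assumption: the carrier is a flat list of float32 parameters;
a real model file stores the same bit layout, just serialized in bulk.
"""

import random
import struct
from typing import List, Tuple

# float32 = [sign:1][exponent:8][mantissa:23]. Overwriting only the two
# low-order bytes (the low 16 mantissa bits) preserves sign, exponent and the
# seven high mantissa bits, so a normal weight changes by less than 2**-7 of
# its magnitude. That is why the classifier keeps (almost) its accuracy.
BYTES_PER_WEIGHT = 2
KEPT_BYTES = 4 - BYTES_PER_WEIGHT
HEADER_LEN = 4  # big-endian uint32 payload length, embedded first


def f32_round(x: float) -> float:
    """Round a Python float to float32 precision, as a model file would store it."""
    return struct.unpack(">f", struct.pack(">f", x))[0]


def capacity(weights: List[float]) -> int:
    """Payload bytes the carrier can hold after the length header."""
    return len(weights) * BYTES_PER_WEIGHT - HEADER_LEN


def embed(weights: List[float], payload: bytes) -> List[float]:
    """Return a copy of `weights` whose low bytes carry len(payload) || payload."""
    if len(payload) > capacity(weights):
        raise ValueError("payload too large for carrier")
    stream = struct.pack(">I", len(payload)) + payload
    stream += b"\x00" * (-len(stream) % BYTES_PER_WEIGHT)  # fill whole weights
    out = list(weights)
    for i in range(0, len(stream), BYTES_PER_WEIGHT):
        idx = i // BYTES_PER_WEIGHT
        kept = struct.pack(">f", weights[idx])[:KEPT_BYTES]  # sign+exponent+top mantissa
        out[idx] = struct.unpack(">f", kept + stream[i:i + BYTES_PER_WEIGHT])[0]
    return out


def extract(weights: List[float]) -> bytes:
    """Recover the payload written by `embed` (the loader side of the technique)."""
    low = b"".join(struct.pack(">f", w)[KEPT_BYTES:] for w in weights)
    (n,) = struct.unpack(">I", low[:HEADER_LEN])
    return low[HEADER_LEN:HEADER_LEN + n]


def max_relative_change(before: List[float], after: List[float]) -> float:
    """Largest |after-before|/|before| over the carrier: how far the weights moved."""
    return max(abs(a - b) / abs(b) for a, b in zip(before, after) if b != 0.0)


PAYLOAD = b"constructed marker bytes, not malware: \x00\x01\x02\x03"


def demo() -> Tuple[bytes, float]:
    rng = random.Random(7)  # deterministic pseudo-weights (constructed, not trained)
    weights = [f32_round(rng.uniform(-0.5, 0.5)) for _ in range(64)]
    stego = embed(weights, PAYLOAD)
    return extract(stego), max_relative_change(weights, stego)


if __name__ == "__main__":
    recovered, rel = demo()
    print("recovered:", recovered)
    print("max relative weight change:", rel)
```

The defensive takeaway is that a model file is an opaque binary whose bytes are never inspected by the framework that loads it; signature checks or pinned hashes on model artifacts, and treating the code path that deserializes and runs them as untrusted input handling, are the controls that actually matter here.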

Microsoft publishes mitigations for the PetitPotam attack

Microsoft published mitigations for the recently discovered PetitPotam attack, which allows attackers to coerce remote Windows machines into authenticating over NTLM to a host the attacker controls. In the PetitPotam NTLM relay attack, that coerced authentication is relayed, for example to Active Directory Certificate Services web enrollment, to take over a domain controller. A few days ago, security researcher Gilles Lionel (aka Topotam) discovered a vulnerability in […] The post Microsoft publishes mitigations for the PetitPotam attack appeared first on Security Affairs. [...]

Threat actor offers Clubhouse secret database containing 3.8B phone numbers

A threat actor is offering for sale on hacking forums a secret Clubhouse database claimed to contain 3.8 billion phone numbers. Clubhouse is a social audio app for iOS and Android where users can communicate in voice chat rooms that accommodate groups of thousands of people. The audio-only app hosts live discussions, with opportunities to participate through speaking and listening. Conversations are prohibited by Clubhouse’s guidelines […] The post Threat actor offers Clubhouse secret database containing 3.8B phone numbers appeared first on Security Affairs. [...]

Crooks target Kubernetes installs via Argo Workflows to deploy miners

Threat actors are targeting Kubernetes installs via Argo Workflows to deploy cryptocurrency miners, security researchers from Intezer warn. Researchers from Intezer uncovered new attacks on Kubernetes (K8s) installs via misconfigured Argo Workflows aimed at deploying cryptocurrency miners. Argo Workflows is an open-source, container-native workflow engine designed to run on K8s clusters. The experts discovered Argo Workflows instances with […] The post Crooks target Kubernetes installs via Argo Workflows to deploy miners appeared first on Security Affairs. [...]
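The misconfiguration behind these attacks can be checked from the cluster's own manifests. The following Python audit is an added example written for this page, not Intezer's or the Argo project's code; it covers both the Security Week item above and this one. The two manifests are constructed to mirror the shape that `kubectl get deploy argo-server -o json` and `kubectl get svc argo-server -o json` return. It assumes the Argo Server's `--auth-mode` flag takes the values `server`, `client` and `sso`, and that releases before 3.0 defaulted to `server` when the flag was absent; verify both against the release you run.

```python
"""Audit an Argo Workflows deployment for the exposure pattern described above:
an Argo Server reachable from outside the cluster while running in 'server'
auth mode, so anyone who reaches the UI or API can submit workflows (and so
run containers) with the server's own service account.

Added example for this page; not Intezer's or the Argo project's code. The
manifests are constructed. Assumptions: --auth-mode accepts server/client/sso
and pre-3.0 releases defaulted to server when the flag was absent.
"""

import json
from typing import Dict, List

EXPOSED_SERVICE_TYPES = {"LoadBalancer", "NodePort"}


def argo_server_args(deploy: Dict) -> List[str]:
    """Command line of every container named argo-server in the Deployment."""
    args: List[str] = []
    for c in deploy["spec"]["template"]["spec"]["containers"]:
        if c.get("name") == "argo-server":
            args += c.get("command", []) + c.get("args", [])
    return args


def auth_modes(args: List[str]) -> List[str]:
    """All --auth-mode values; the flag may repeat and may use '=' or a separate value."""
    modes: List[str] = []
    for i, a in enumerate(args):
        if a.startswith("--auth-mode="):
            modes.append(a.split("=", 1)[1])
        elif a == "--auth-mode" and i + 1 < len(args):
            modes.append(args[i + 1])
    return modes


def audit(deploy: Dict, service: Dict) -> List[str]:
    """Findings for the exposure pattern; an empty list means neither condition holds."""
    findings: List[str] = []
    modes = auth_modes(argo_server_args(deploy))
    if "server" in modes:
        findings.append("auth-mode=server: anyone reaching the UI/API submits workflows "
                        "as the argo-server service account")
    elif not modes:
        findings.append("no --auth-mode flag: older releases default to server mode; "
                        "set --auth-mode=client or sso explicitly")
    svc_type = service["spec"].get("type", "ClusterIP")
    if svc_type in EXPOSED_SERVICE_TYPES:
        findings.append(f"service type {svc_type}: Argo Server is reachable from outside the cluster")
    return findings


# Constructed manifests (shape of `kubectl get ... -o json`, trimmed to the fields used).
INSECURE_DEPLOY = json.loads("""{
  "kind": "Deployment", "metadata": {"name": "argo-server", "namespace": "argo"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "argo-server", "args": ["server", "--auth-mode=server"]}
  ]}}}
}""")
INSECURE_SVC = json.loads("""{
  "kind": "Service", "metadata": {"name": "argo-server", "namespace": "argo"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 2746}]}
}""")
HARDENED_DEPLOY = json.loads("""{
  "kind": "Deployment", "metadata": {"name": "argo-server", "namespace": "argo"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "argo-server", "args": ["server", "--auth-mode", "sso", "--auth-mode", "client"]}
  ]}}}
}""")
HARDENED_SVC = json.loads("""{
  "kind": "Service", "metadata": {"name": "argo-server", "namespace": "argo"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 2746}]}
}""")


def run_sample() -> Dict[str, List[str]]:
    return {
        "insecure": audit(INSECURE_DEPLOY, INSECURE_SVC),
        "hardened": audit(HARDENED_DEPLOY, HARDENED_SVC),
    }


if __name__ == "__main__":
    for name, findings in run_sample().items():
        print(name, findings or ["no findings"])
```

Auth mode is only half of the picture: even with `client` or `sso` auth, whoever can submit a workflow gets to run arbitrary images with the workflow's service account, so the RBAC bound to that service account deserves the same review.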

XCSSET MacOS malware targets Telegram, Google Chrome data and more

XCSSET macOS malware continues to evolve: it is now able to steal login information from multiple apps, including Telegram and Google Chrome. Security researchers from Trend Micro continue to monitor the evolution of the XCSSET macOS malware; new variants are able to steal login information from multiple apps, including Telegram and Google Chrome, and send […] The post XCSSET MacOS malware targets Telegram, Google Chrome data and more appeared first on Security Affairs. [...]

Security Affairs newsletter Round 324

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. If you also want to receive the international press for free, subscribe here. HelloKitty ransomware gang targets vulnerable SonicWall devices Instagram implements ‘Security Checkup’ to help users recover compromised accounts Chinese […] The post Security Affairs newsletter Round 324 appeared first on Security Affairs. [...]

Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics

Japanese researchers spotted an Olympics-themed wiper targeting Japanese users ahead of the 2021 Tokyo Olympics. The Tokyo Olympics are an attractive opportunity for cybercriminals and malware authors, and the US FBI has warned private US companies of cyberattacks that might attempt to disrupt the 2021 Tokyo Olympics. Researchers from the Japanese security firm Mitsui Bussan Secure Directions (MBSD) […] The post Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics appeared first on Security Affairs. [...]

Hashtag Trending July 27 – Electric vehicle myth debunk; AI speech tool to spread fake news? And Tesla gets tricked by moon

A new study debunks a longstanding electric vehicle myth, AI speech recreation tools have some experts worried, and Tesla’s automated cars hit a snag. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Tuesday, July 27, and I’m your host, Tom Li. A new study from the International Council on […] The post Hashtag Trending July 27 – Electric vehicle myth debunk; AI speech tool to spread fake news? And Tesla gets tricked by moon first appeared on IT World Canada. [...]

Microsoft warns attack could compromise Windows domain controllers and servers

Microsoft issues mitigations for the latest in what it calls classic NTLM relay attacks on Windows. One researcher called the proof of concept of the attack "brutal". The post Microsoft warns attack could compromise Windows domain controllers and servers first appeared on IT World Canada. [...]
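PetitPotam leaves a trace on the coerced host: when detailed file-share auditing is enabled, the client's open of the EFSRPC-capable named pipe inside IPC$ is recorded as Security event 5145 with the pipe name in RelativeTargetName. The Python detector below is an added example covering the four PetitPotam items on this page (Threat Post, Security Week, Security Affairs and this one); it is not Microsoft's guidance or the researcher's proof of concept. The events are constructed, and the pipe list is an assumption drawn from the public proof of concept: `efsrpc` is the dedicated MS-EFSR pipe, while `lsarpc`, `samr`, `lsass` and `netlogon` also expose the interface but carry ordinary domain traffic, so they only rate a low-confidence alert.

```python
"""Heuristic detection of PetitPotam-style authentication coercion from Windows
Security event 5145 (detailed file share access) records.

Added example for this page, not Microsoft's or the researcher's code. The
sample events are constructed, not real telemetry. Assumption: 'Audit Detailed
File Share' is enabled on the domain controllers, so a named-pipe open inside
IPC$ is logged as 5145 with RelativeTargetName set to the pipe name.
"""

from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# MS-EFSR is reachable over its own pipe and over a few pipes that also carry
# the interface. The dedicated pipe is a strong signal; the alternates are used
# by normal domain traffic and only merit a low-confidence alert.
EFSRPC_DEDICATED_PIPE = "efsrpc"
EFSRPC_ALTERNATE_PIPES = {"lsarpc", "samr", "lsass", "netlogon"}


@dataclass(frozen=True)
class ShareAccessEvent:
    """The 5145 fields this detector needs."""
    computer: str         # host that logged the event (the coerced server)
    subject_user: str     # account that authenticated to the share
    source_ip: str        # client address
    share_name: str       # e.g. \\*\IPC$
    relative_target: str  # object opened inside the share (pipe name)


def classify_pipe(ev: ShareAccessEvent) -> str:
    """'high' for the dedicated EFSRPC pipe on IPC$, 'low' for alternates, '' otherwise."""
    if not ev.share_name.upper().endswith("IPC$"):
        return ""
    pipe = ev.relative_target.lower().lstrip("\\")
    if pipe == EFSRPC_DEDICATED_PIPE:
        return "high"
    if pipe in EFSRPC_ALTERNATE_PIPES:
        return "low"
    return ""


def detect_coercion(events: Iterable[ShareAccessEvent],
                    dc_hosts: Set[str],
                    trusted_sources: Set[str]) -> List[Dict[str, str]]:
    """Flag EFSRPC-capable pipe opens on domain controllers from unexpected clients.

    Any authenticated domain account can call EfsRpcOpenFileRaw, so the subject
    user is reported for triage but never used to suppress an alert.
    """
    alerts: List[Dict[str, str]] = []
    for ev in events:
        if ev.computer.upper() not in dc_hosts or ev.source_ip in trusted_sources:
            continue
        confidence = classify_pipe(ev)
        if confidence:
            alerts.append({
                "confidence": confidence,
                "dc": ev.computer,
                "source_ip": ev.source_ip,
                "pipe": ev.relative_target.lower().lstrip("\\"),
                "user": ev.subject_user,
            })
    return sorted(alerts, key=lambda a: a["confidence"] != "high")  # high first


# Constructed sample: one coercion attempt from a workstation, one ordinary
# lsarpc open, one open from a whitelisted admin host, one unrelated file open.
SAMPLE_EVENTS = [
    ShareAccessEvent("DC01", "CORP\\jdoe", "10.0.5.23", "\\\\*\\IPC$", "efsrpc"),
    ShareAccessEvent("DC01", "CORP\\WS042$", "10.0.7.42", "\\\\*\\IPC$", "lsarpc"),
    ShareAccessEvent("DC01", "CORP\\admin", "10.0.1.10", "\\\\*\\IPC$", "efsrpc"),
    ShareAccessEvent("FS01", "CORP\\jdoe", "10.0.5.23", "\\\\*\\Finance", "budget.xlsx"),
]
DC_HOSTS = {"DC01", "DC02"}
TRUSTED_SOURCES = {"10.0.1.10"}  # e.g. a privileged access workstation


def run_sample() -> List[Dict[str, str]]:
    return detect_coercion(SAMPLE_EVENTS, DC_HOSTS, TRUSTED_SOURCES)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Detection is the fallback; the mitigations Microsoft published (Extended Protection for Authentication and HTTPS-only on the AD CS web enrollment endpoints, and disabling NTLM where it is not needed) remove the relay target, which is what turns a coerced authentication into a domain takeover.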

Nokia Canada partners with EDC to strengthen supply chain

Nokia and Export Development Canada partner to strengthen the Canadian supply chain. The post Nokia Canada partners with EDC to strengthen supply chain first appeared on IT World Canada. [...]

Cyber Security Today, July 26, 2021 – Beware of fake Windows 11 downloads, how an insurance giant was hacked, a ransomware gang attacked and more

Today's episode reports on phony Windows 11 downloads, how an insurance giant was hacked, Mac malware, a ransomware gang attacked and more The post Cyber Security Today, July 26, 2021 – Beware of fake Windows 11 downloads, how an insurance giant was hacked, a ransomware gang attacked and more first appeared on IT World Canada. [...]

Hashtag Trending July 26- RBC adds 300 tech jobs to Calgary; DNS error brings down major services; Loneliness is on the rise due to technology

RBC’s new innovation hub adds another 300 tech jobs to Calgary, a DNS error brought down major services on Thursday, and technology is contributing to loneliness in adolescents. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Monday, July 26, and I’m your host, Tom Li. RBC is bringing […] The post Hashtag Trending July 26- RBC adds 300 tech jobs to Calgary; DNS error brings down major services; Loneliness is on the rise due to technology first appeared on IT World Canada. [...]

Cyber Security Today, Week in Review for Friday July 23, 2021

This episode looks at the proposed overhaul of Canada's federal privacy law and why critics say it isn't good enough The post Cyber Security Today, Week in Review for Friday July 23, 2021 first appeared on IT World Canada. [...]

RBC to launch innovation hub in Calgary, bring 300 new tech jobs

Royal Bank of Canada (RBC) will be welcoming 300 new technology employees at a new Calgary innovation hub scheduled to launch in September 2021. The post RBC to launch innovation hub in Calgary, bring 300 new tech jobs first appeared on IT World Canada. [...]

Kaseya obtains ransomware decryptor to help VSA victims

Kaseya VSA customers struggling to recover from the REvil ransomware attack earlier this month have some good news: the company has received a decryptor to unscramble encrypted data. The company said Thursday it is helping impacted customers after obtaining the decryption tool from an unnamed third party. So far it has had no reports of […] The post Kaseya obtains ransomware decryptor to help VSA victims first appeared on IT World Canada. [...]

Cyber Security Today, July 23, 2021 – Sophos opens a Canadian data centre, people still fall for tech support scams and Amazon cuts off a controversial spyware company

This episode reports on the availability of a new Canadian data centre for users of Sophos products, a survey shows people still fall for tech support scams, Amazon cuts off a controversial spyware company and new figures on ransomware attacks The post Cyber Security Today, July 23, 2021 – Sophos opens a Canadian data centre, people still fall for tech support scams and Amazon cuts off a controversial spyware company first appeared on IT World Canada. [...]

Hashtag Trending July 23- Right to Repair laws; Twitter’s voting feature; Flood hits iPhone production site in China

The FTC has voted unanimously to enforce Right to Repair laws, Twitter is testing out new voting features and Apple’s largest iPhone production site has been affected by flooding in Central China. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Friday, July 23, and I’m your host, Tom Li. […] The post Hashtag Trending July 23- Right to Repair laws; Twitter’s voting feature; Flood hits iPhone production site in China first appeared on IT World Canada. [...]

LG to use 100% renewable energy by 2050

LG Electronics announced today that it’s planning on running its entire business on renewable energy by 2050 as a part of its sustainability strategy. The transformation will be phased by region starting with North America. LG said in its press release that it plans on powering all of its North American offices and manufacturing sites […] The post LG to use 100% renewable energy by 2050 first appeared on IT World Canada. [...]

Several communication, financial and transportation website outages reported through Canada and the U.S.

A DNS outage at Akamai knocked out a number of critical services Thursday afternoon. The post Several communication, financial and transportation website outages reported through Canada and the U.S. first appeared on IT World Canada. [...]

Hashtag Trending July 22 – Macron Targeted by Pegasus; Venmo removes a controversial feature; DuckDuckGo introduces email protection

A report finds French President Emmanuel Macron was targeted by Pegasus spyware, Venmo removes a puzzling feature, and DuckDuckGo has announced an email protection service. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Thursday, July 22, and I’m your host, Tom Li. The BBC is reporting that French President […] The post Hashtag Trending July 22 – Macron Targeted by Pegasus; Venmo removes a controversial feature; DuckDuckGo introduces email protection first appeared on IT World Canada. [...]

Panasonic releases the Toughbook G2 modular rugged PC

This hardy device comes with a swappable battery and storage. The post Panasonic releases the Toughbook G2 modular rugged PC first appeared on IT World Canada. [...]

Huawei network gear again fails to meet cybersecurity quality, says UK board

Seventh annual report of agency still finds problems The post Huawei network gear again fails to meet cybersecurity quality, says UK board first appeared on IT World Canada. [...]

Two Linux vulnerabilities give exploiters root privileges

Linux administrators are urged to watch for and install patches to fix two major vulnerabilities in the operating system. Both were discovered by researchers at Qualys: one is a stack exhaustion denial-of-service flaw in systemd, described as a near-ubiquitous utility available on major Linux operating systems, which crashes the system rather than granting privileges, and the second is a flaw in the Linux kernel […] The post Two Linux vulnerabilities give exploiters root privileges first appeared on IT World Canada. [...]

Microsoft issues workaround for new Win10 privilege escalation problem

Vulnerability in the Security Account Manager is serious enough to recommend deletion of volume shadow copies The post Microsoft issues workaround for new Win10 privilege escalation problem first appeared on IT World Canada. [...]

Cyber Security Today, July 21, 2021 – Another printer vulnerability found, and more corporate ransomware victims

Today's episode reports on a possible data theft from a Canadian medical treatment chain, another printer vulnerability discovered, more corporate ransomware victims and another piece of malware aimed at those who want cracked software The post Cyber Security Today, July 21, 2021 – Another printer vulnerability found, and more corporate ransomware victims first appeared on IT World Canada. [...]

Hashtag Trending July 21- Apple delays return to office plans; WhatsApp blocks 2 million accounts; Jeff Bezos goes to space

Apple puts a pause on return to office plans, WhatsApp blocks 2 million accounts to combat spam messages and Jeff Bezos successfully makes a journey to space. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Wednesday, July 21, and I’m your host, Tom Li. Apple is delaying the return […] The post Hashtag Trending July 21- Apple delays return to office plans; WhatsApp blocks 2 million accounts; Jeff Bezos goes to space first appeared on IT World Canada. [...]

Tesla turns ‘full self-driving’ into a subscription

Imagine buying a new car and being told that there’s an additional subscription required to unlock the full car. Sounds like a nightmare, right? But that seems to be what’s in store for Tesla customers. Tech publication Mashable scraped the details from Tesla’s support page. Essentially, drivers will need to pay up to $199 a month […] The post Tesla turns ‘full self-driving’ into a subscription first appeared on IT World Canada. [...]

The U.S. wants to prevent China from buying advanced chip manufacturing equipment

Netherlands-based ASML is another company caught in the tech war between China and the U.S. The post The U.S. wants to prevent China from buying advanced chip manufacturing equipment first appeared on IT World Canada. [...]

Zoom to acquire cloud contact centre provider Five9 for $14.7 billion

Zoom Video Communications has entered into a definitive agreement to acquire cloud-based contact centre solutions provider Five9, in an all-stock transaction valued at approximately $14.7 billion. The post Zoom to acquire cloud contact centre provider Five9 for $14.7 billion first appeared on IT World Canada. [...]

Accenture acquires Toronto-based Cloudworks to expand Oracle footprint in Canada

Accenture has acquired Toronto-based Oracle Cloud implementation service provider Cloudworks to deliver Oracle solutions to clients across Canada. The post Accenture acquires Toronto-based Cloudworks to expand Oracle footprint in Canada first appeared on IT World Canada. [...]

Is Canada’s reform of privacy legislation dead?

Eight months ago the Liberal government announced an overhaul of PIPEDA. But if, as predicted, it is about to call a fall election the bill dies The post Is Canada’s reform of privacy legislation dead? first appeared on IT World Canada. [...]

Coffee Briefing, July 20, 2021 – PrintNightmare continues; Driving as a service; and more

Coffee Briefings are timely deliveries of the latest ITWC headlines, interviews, and podcasts. These briefings drop on Tuesday mornings. Today’s Coffee Briefing is delivered by IT World Canada reporter Tom Li, with files from the rest of the editorial team! Missed last week’s Coffee Briefing? We got you covered. ITWC Podcasts Listen to the latest episode of […] The post Coffee Briefing, July 20, 2021 – PrintNightmare continues; Driving as a service; and more first appeared on IT World Canada. [...]

capa 2.0: Better, Faster, Stronger

We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering. If you haven’t heard of capa before, or need a refresher, check out our first blog post. You can download capa 2.0 standalone binaries from the project’s release page and check out the source code on GitHub. capa 2.0 enables anyone to contribute rules more easily, which makes the existing ecosystem even more vibrant. This blog post details the following major improvements included in capa 2.0:… [...]

Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

On April 20, 2021, Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on our findings, give additional recommendations to network defenders, and discuss potential implications for U.S.-China strategic relations. Mandiant continues to gather evidence and respond to intrusions involving compromises of Pulse Secure VPN appliances at organizations across the defense, government, high tech, transportation, and financial sectors in the U.S. and Europe (Figure 1). Reverse engineers on the FLARE team have identified four additional code families specifically designed to manipulate Pulse Secure… [...]

Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise

Mandiant observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website. While this victim organization detected the intrusion, engaged Mandiant for incident response, and avoided ransomware, others may be at risk. As reported in the Mandiant post, "Shining a Light on DARKSIDE Ransomware Operations," Mandiant Consulting has investigated intrusions involving several DARKSIDE affiliates. UNC2465 is one of those DARKSIDE affiliates that Mandiant believes has been active since at least March 2020. The intrusion that is detailed in this post began on May 18, 2021, which occurred days after the publicly reported… [...]

Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises

Attacks on control processes supported by operational technology (OT) are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat Intelligence has observed simpler attacks, where actors with varying levels of skill and resources use common IT tools and techniques to gain access to and interact with exposed OT systems. The activity is typically not sophisticated and is normally not targeted against specific organizations. Rather, the compromises appear to be driven by threat actors who… [...]

Shining a Light on DARKSIDE Ransomware Operations

Update (May 14): Mandiant has observed multiple actors cite a May 13 announcement that appeared to be shared with DARKSIDE RaaS affiliates by the operators of the service. This announcement stated that they lost access to their infrastructure, including their blog, payment, and CDN servers, and would be closing their service. Decrypters would also be provided for companies who have not paid, possibly to their affiliates to distribute. The post cited law enforcement pressure and pressure from the United States for this decision. We have not independently validated these claims and there is some speculation by other actors that this could… [...]

Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day

Executive Summary Mandiant recently responded to multiple security incidents involving compromises of Pulse Secure VPN appliances. This blog post examines multiple, related techniques for bypassing single and multifactor authentication on Pulse Secure VPN devices, persisting across upgrades, and maintaining access through webshells. The investigation by Pulse Secure has determined that a combination of prior vulnerabilities and a previously unknown vulnerability discovered in April 2021, CVE-2021-22893, are responsible for the initial infection vector. Pulse Secure’s parent company, Ivanti, released mitigations for a vulnerability exploited in relation to these malware families and the Pulse Connect Secure Integrity Tool for their customers to… [...]

The UNC2529 Triple Double: A Trifecta Phishing Campaign

In December 2020, Mandiant observed a widespread, global phishing campaign targeting numerous organizations across an array of industries. Mandiant tracks this threat actor as UNC2529. Based on the considerable infrastructure employed, tailored phishing lures and the professionally coded sophistication of the malware, this threat actor appears experienced and well resourced. This blog post will discuss the phishing campaign, identification of three new malware families, DOUBLEDRAG, DOUBLEDROP and DOUBLEBACK, provide a deep dive into their functionality, present an overview of the actor’s modus operandi and our conclusions. A future blog post will focus on the backdoor communications and the differences between… [...]

UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat

Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other vendors as SOMBRAT. Mandiant has linked the use of SOMBRAT to the deployment of ransomware, which has not been previously reported publicly. UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums. UNC2447 has been observed targeting organizations in Europe and North America and has consistently displayed advanced capabilities to evade… [...]

Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild. These vulnerabilities were exploited in conjunction to obtain administrative access and code execution on a SonicWall ES device. The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network. The vulnerabilities are being tracked in the following CVEs: CVE-2021-20021 (CVSS 9.8): Unauthorized administrative account creation; CVE-2021-20022 (CVSS 7.2): Post-authentication arbitrary file upload; CVE-2021-20023 (CVSS 4.9): Post-authentication arbitrary file read. Mandiant has been coordinating… [...]

In July 2020, Mandiant Threat Intelligence released a public report detailing an ongoing influence campaign we named “Ghostwriter.” Ghostwriter is a cyber-enabled influence campaign which primarily targets audiences in Lithuania, Latvia and Poland and promotes narratives critical of the North Atlantic Treaty Organization’s (NATO) presence in Eastern Europe. Since releasing our public report, we have continued to investigate and report on Ghostwriter activity to Mandiant Intelligence customers. We tracked new incidents as they happened and identified activity extending back years before we formally identified the campaign in 2020. A new report by our Information Operations analysis, Cyber Espionage analysis, and… [...]

Abusing Replication: Stealing AD FS Secrets Over the Network

Organizations are increasingly adopting cloud-based services such as Microsoft 365 to host applications and data. Sophisticated threat actors are catching on, and Mandiant has observed an increased focus on long-term persistent access to Microsoft 365 as one of their primary objectives. The focus on developing novel and hard-to-detect methods to achieve this goal was highlighted with the recent detection of UNC2452 and their access to Microsoft 365. One of this group's key TTPs was to steal the Token Signing Certificate from an organization’s AD FS server to enable them to bypass MFA and access cloud services as any… [...]

Hacking Operational Technology for Defense: Lessons Learned From OT Red
Teaming Smart Meter Control Infrastructure

High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology (OT). However, there is a continued perception across critical infrastructure organizations that OT networks are isolated from public networks—such as the Internet. In Mandiant’s experience, the concept of an ‘air gap’ separating OT assets from external networks rarely holds true in practice. In 2018, we released a blog post presenting the tools and techniques that TEMP.Veles used during the TRITON incident to traverse from an external compromise of the information technology (IT) network of a critical infrastructure organization to the safety systems located… [...]

We are thrilled to launch M-Trends 2021, the 12th edition of our annual FireEye Mandiant publication. The past year has been unique, as we witnessed an unprecedented combination of global events. Business operations shifted in response to the worldwide pandemic and threat actors continued to escalate the sophistication and aggressiveness of their attacks, while in parallel leveraging unexpected global events to their advantage. We discuss all of this and much more in the full report, which is available for download today. But first, here is a sneak preview of the most popular M-Trends metric where we answer the critical question:… [...]

Back in a Bit: Attacker Use of the Windows Background Intelligent
Transfer Service

In this blog post we will describe: how attackers use the Background Intelligent Transfer Service (BITS); forensic techniques for detecting attacker activity, with data format specifications; the public release of the BitsParser tool; and a real-world example of malware using BITS persistence. Introduction: Microsoft introduced the Background Intelligent Transfer Service (BITS) with Windows XP to simplify and coordinate downloading and uploading large files. Applications and system components, most notably Windows Update, use BITS to deliver operating system and application updates so they can be downloaded with minimal user disruption. Applications interact with the Background Intelligent Transfer Service by creating jobs with one… [...]

Monitoring ICS Cyber Operation Tools and Software Exploit Modules To
Anticipate Future Threats

There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks are clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, prioritize security efforts, and justify resource allocation. To address this problem, FireEye Mandiant Threat Intelligence produces a range of reports for subscription customers that focus on different indicators to predict future threats. Insights from activity on dark web forums, anecdotes from the field, ICS vulnerability… [...]

UPDATE (Mar. 18): Mandiant recently observed targeted threat actors modifying mailbox folder permissions of user mailboxes to maintain persistent access to the targeted users' email messages. This stealthy technique is not usually monitored by defenders and provides threat actors a way to access the desired email messages using any compromised credentials. The white paper, blog post and Azure AD Investigator tool have been updated to reflect these findings. Mandiant would like to thank the members of Microsoft’s Detection and Response Team (DART) for their collaboration on this research. In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is… [...]

Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

Beginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation of web shells for persistent access, remote code execution, and reconnaissance for endpoint security solutions. Our investigation revealed that the files created on the Exchange servers were owned by the user NT AUTHORITY\SYSTEM, a privileged local account on the Windows operating system. Furthermore, the process that created the web shell was UMWorkerProcess.exe, the process responsible for Exchange Server’s Unified Messaging Service. In subsequent investigations, we observed malicious files created by w3wp.exe, the process… [...]

New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based
Entity; Possible Connection to UNC2452

Executive Summary: In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that features some detection evasion capabilities. Mandiant observed SUNSHUTTLE at a victim compromised by UNC2452, and has indications that it is linked to UNC2452, but we have not fully verified this connection. Please see the Technical Annex for relevant MITRE ATT&CK techniques (T1027, T1027.002, T1059.003, T1071.001, T1105, T1140, T1573.001). The activity discussed in this blog post is also detailed in a Microsoft blog post. We thank the team at Microsoft… [...]

Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory

Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at Windows’ inbuilt image parsers—specifically for vulnerabilities involving the use of uninitialized memory. The Vulnerability: Uninitialized Memory. In unmanaged languages, such as C or C++, variables are not initialized by default. Using uninitialized variables causes undefined behavior and may cause a crash. There are roughly two variants of uninitialized memory: (1) Direct uninitialized memory usage: an uninitialized pointer or an index is used in a read or write, which may cause a crash. (2) Information… [...]

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a blog post detailing intrusion tradecraft associated with the deployment of MAZE. As of publishing this post, we track 11 distinct groups that have deployed MAZE ransomware. At the close of 2020, we noticed a shift in a subset of these groups, which have started to deploy EGREGOR ransomware rather than MAZE ransomware following access acquired from ICEDID infections. Since its discovery in 2017 as a banking trojan, ICEDID evolved into… [...]

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion

Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations that had been impacted by UNC2546 in the prior month began receiving extortion emails from actors threatening to publish stolen data on the "CL0P^_- LEAKS" .onion website. Some of the published victim data appears to have been stolen using the DEWMODE web shell. Notably, the number of victims on the "CL0P^_- LEAKS" shaming… [...]

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT
Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allow for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s (now owned by Tesla) rebranded ConnectPort X2e device, which is used in residential solar installations. Mandiant performs this type of work both for research purposes and in a professional capacity for its global clients. Mandiant collaborated with Digi International and SolarCity/Tesla to responsibly disclose the results of the research, resulting in the following two CVEs: Hardcoded Credentials (CVE-2020-9306, CVSS3.0: 8.8) and Execution with Unnecessary Privileges (CVE-2020-12878, CVSS3.0: 8.4)… [...]

Today, The Mandiant® Intelligence Center™ released an unprecedented report exposing APT1's multi-year, enterprise-scale computer espionage campaign. APT1 is one of dozens of threat groups Mandiant tracks around the world and we consider it to be one of the most prolific in terms of the sheer quantity of information it has stolen. Highlights of the report include: evidence linking APT1 to China's 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department (Military Cover Designator 61398); a timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries; APT1's modus operandi (tools, tactics, procedures)… [...]

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT
Device (Part Two)

In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as the X2e device). In Part One, we discussed the X2e at a high level, performed initial network-based attacks, then discussed the hardware techniques used to gain a remote shell on the X2e device as a non-privileged system user. In this segment, we’ll cover how we obtained a privileged shell on the device locally using power glitching attacks, and explore CVE-2020-12878, a vulnerability we discovered that permitted remote privilege escalation to the root user. Combined with CVE-2020-9306 (discussed in Part One), this would result… [...]

A Totally Tubular Treatise on TRITON and TriStation

Introduction: In December 2017, FireEye's Mandiant discussed an incident response involving the TRITON framework. The TRITON attack and many of the publicly discussed ICS intrusions involved routine techniques where the threat actors used only what is necessary to succeed in their mission. For both INDUSTROYER and TRITON, the attackers moved from the IT network to the OT (operational technology) network through systems that were accessible to both environments. Traditional malware backdoors, Mimikatz distillates, remote desktop sessions, and other well-documented, easily detected attack methods were used throughout these intrusions. Despite the routine techniques employed to gain access to an OT environment, the… [...]

5/31/18 Androids with Pre-installed Malware & The Markley Quiz [...]

5/31/18 New Speculative Execution Vulnerability [...]

5/24/18 Satori scanning for Ethereum mining rigs [...]

5/17/18 GandCrab Hides on Legitimate Websites [...]

4/26/18 Book Review: The Car Hacker’s Handbook by Craig Smith [...]