US Indicts Sandworm, Russia’s Most Destructive Cyberwar Unit
www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/ The Department of Justice has named and charged six men for allegedly carrying out many of the most costly cyberattacks in history. See also
www.justice.gov/opa/press-release/file/1328521/download and
www.ncsc.gov.uk/news/uk-and-partners-condemn-gru-cyber-attacks-against-olympic-an-paralympic-games
Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
threatpost.com/ryuk-ransomware-gang-zerologon-lightning-attack/160286/ Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.
Watch out for Emotet malware’s new ‘Windows Update’ attachment
www.bleepingcomputer.com/news/security/watch-out-for-emotet-malwares-new-windows-update-attachment/ The Emotet botnet has begun to use a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word.
Microsoft Exchange, Outlook Under Siege By APTs
threatpost.com/microsoft-exchange-outlook-apts/160273/ A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA in order to avoid detection. See also
www.accenture.com/us-en/insights/security/cyber-threatscape-report
Discord desktop app vulnerability chain triggered remote code execution attacks
www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/ Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks.
Hackers hijack Telegram, email accounts in SS7 mobile attack
www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/ Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.
GravityRAT: The spy returns
securelist.com/gravityrat-the-spy-returns/99097/ In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, the campaign has been active since at least 2015, and previously targeted Windows machines. However, it underwent changes in 2018, with Android devices being added to the list of targets.
Data breach exposed the personal data of over 400,000 customers online; airline receives a hefty reduction in its fine
www.kauppalehti.fi/uutiset/tietomurron-seurauksena-yli-400000-asiakkaan-henkilotiedot-paatyivat-verkkoon-lentoyhtio-sai-roiman-alennuksen-sakkoonsa/457dee3f-1eb7-4265-b5cb-cbee4047b7f8 The UK data protection authority is reducing British Airways' data breach fine to 20 million pounds, just over 22 million euros, Tech Crunch writes. The fine was originally set at 184 million pounds, more than 200 million euros.
Man charged in France with extorting 135 million euros using malware
www.is.fi/digitoday/art-2000006674258.html A court in Paris is beginning to hear a case in which a 41-year-old man is accused of extorting 135 million euros using malware planted on computers. There are nearly 200 victims from around the world.
Overlay Malware Targets Windows Users with a DLL Hijack Twist
threatpost.com/overlay-malware-dll-hijack/160288/ Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.
Major Vulnerabilities Discovered in Qualcomm QCMAP
www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities In a recent supply chain security assessment, Vdoo analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and responsibly disclosed four major vulnerabilities in Qualcomm's QCMAP (Mobile Access Point) architecture, on which these devices were based. An attacker who exploits the discovered vulnerabilities can gain remote root access to any of the affected devices.
Cloud Threat Hunting: Attack & Investigation Series - Privilege Escalation via Lambda
blog.checkpoint.com/2020/10/19/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-lambda/ Cloud breaches are becoming increasingly prevalent in this modern digital era. One of the more dangerous strategies attackers deploy during a cloud breach is privilege escalation. They use this to move laterally within a cloud environment and access sensitive assets.